Analysis and Exploration of Vulnerabilities 2021/2022


Subject lectured to the 1st year of the Masters in Cybersecurity, providing a view over the issue of vulnerability management, its assessment, its impact, and then its exploitation.

This edition will be lectured by professor João Paulo Barraca (email: [email protected]). Teaching staff will be available by email and MS Teams, especially during the allocated tutoring slots. The use of the MS Teams platform for direct communication is highly recommended. Official course information will be available on this page, while grades will be available through restricted areas (Elearning and MS Teams).

Classes will be lectured in Portuguese, unless a foreign student is attending, in which case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in either English or Portuguese.

Prospective students should be aware that this subject requires some knowledge and comprehension of several topics in the areas of networking, software and operating systems, such as: Python/C/PHP, Linux console usage (mostly Debian), virtual machines, sockets, HTTP and HTML technologies, and mobile applications. Although lacking specific knowledge is not critical, the contents will expect you to have some base knowledge of those topics.

Important Dates

  • T1: November 26th 2022 (during the class)

  • T2 and E1: February 11th, 16:00, room 5.1.62

  • ES and PS: February 25th, 15:00, room 5.3.3

  • EE and PE: September

  • Assignment 1 - November 19th, 23:59

  • Assignment 2 - January 2nd, 23:59

  • Assignment 3 - February 1st, 23:59

Planning

According to the UA academic schedule, classes will be lectured from October 11th until January 25th. The subject is composed of 3 hours of theoretical lectures and 1 hour of tutoring, making a total of 4 contact hours per week. Students are expected to spend an additional 2-3 hours per week exploring the concepts presented during the lectures and preparing projects and assignments. They are also expected to make use of the tutoring times if they have questions or require some assistance. Theoretical classes will present key aspects related to vulnerability management, vulnerability assessment, relevant vulnerabilities in current service architectures (mostly web or REST based), lower level aspects related to stacks, heaps and other memory vulnerabilities, and then mobile applications.

The topics lectured in each class are presented in the following table. Changes may happen, so please check it frequently.

 #   Date     Topic
 1   Oct 15   Course Guidelines, Vulnerabilities
 2   Oct 22   Information Leakage
 3   Oct 29   Vulnerability Assessment
 4   Nov 5    Injection Vulnerabilities: SQLi
 5   Nov 12   Injection Vulnerabilities: OS Injection
 6   Nov 19   Theoretical Test, Injection Vulnerabilities: OS Injection
 7   Nov 26   Broken Authentication
 8   Dec 3    XSS - Cross Site Scripting
 9   Dec 10   Lower level buffer manipulation (Stack)
10   Dec 17   Lower level buffer manipulation (Heap)
11   Jan 7    Lower level buffer manipulation (Print Formats, ROP)
12   Jan 14   Concurrency
13   Jan 21   Mobile Vulnerabilities

Software

  • Bettercap: The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet network reconnaissance and MITM attacks.
  • Wireshark: The most popular packet sniffer and protocol analyser.
  • WebGoat: A deliberately insecure web application maintained by OWASP, designed to teach web application security lessons.
  • Kali Linux: A popular penetration testing distribution.
  • John the Ripper: A password cracker.
  • Hashcat: Advanced password recovery tool, GPU-accelerated through OpenCL.
  • nmap: Probably the most famous port scanner and reconnaissance tool.
  • Burp Suite: Web application security testing tool (intercepting proxy, scanner and request tooling).
  • OWASP ZAP: OWASP Zed Attack Proxy is a web vulnerability assessment tool, similar to Burp, but open source.

Websites

Books
