The goal of Lab 01 is to become familiar with the social engineering and perform some simple security related tasks

* Lecture Introduction,Social Engineering

The goal of Lab 02 is to become familiar with Web Application Attack Techniques. Students will use Burp and/or WebScarab, and perform active attacks, such as Injections, XSRF and XSS.

To prove you have completed the lab, you must demonstrate the following to the instructor:

• Show your 5 successful attacks.

• Lecture Web Application Attack Techniques
• Web Target Gruyere

The goal of the Lab 03 is to become familiar with various injection problems such as command injection, code injection etc. Injection attack is the exploitation of software bugs caused by processing invalid data. The goal of this lab is to study ways to exploit different injection vulnerabilities.

• Sample Application Casino
• Java Decompiler JODE
• Dynamic linker Dynamic linker Static, Shared Dynamic and Loadable Linux Libraries DLL Injection
• Lecture Slides

In this Lab 04, you will recover passwords using two different techniques: dictionary attack and precomputation attack. Recovering a password, known as password cracking, can be a devastating attack, especially since most users will reuse the same password on different systems. Also, physical access to a machine represents an important opportunity for attackers to compromise the system and gain access. This will be explored by using bootable media to compromise an operating system.

• Password Crackers John the Ripper ophcrack
• Password Dumping Utilities Pwdump fgdump
• Lecture Slides

The goal of Lab 05 is to become familiar with network protocols (IP, TCP, ARP). Students will use sniffing tools to monitor user sessions on other hosts in the network, and perform active attacks, such as redirecting traffic and issuing a denial of service attack.

• Sniffers Wireshark tcpdump
• Network Tools netcat nmap
• Lecture Slides

The goal of the Lab 06 is to gain first-hand experience on different types of overflow vulnerabilities. Such vulnerabilities can be utilized by a malicious user to alter the flow control of the program, even execute arbitrary pieces of code. For instance, buffer overflow vulnerability arises due to the mixing of the storage for data (e.g. buffers) and the storage for controls (e.g. return addresses): an overflow in the data part can affect the flow of the program, because an overflow can change the return address and as a result enable execution of malicious code

• Tools Metasploit gdb
• Papers Smashing the Stack Metasploit for dummies Developing an Exploit Using the Metasploit Framework
• Lecture Slides

The goal of Lab 07a is to practice configuring a small network

• Computer Name RFC1178, Appropriately Name Networked Windows Computers
• Protocols DHCP, DNS and ICMP
• File systems NTFS ext3
• Windows Security Authentication Domain Controller
• Windows Admin Tasks Common Administrative Tasks , VBScript, Logon Script, VBscript examples
• Linux Admin Linux Administration ,Linux Password File

The goal of the Lab 07 is to study intrusion protection strategies, and gain hands-on experience with different types of protection methods, such as intrusion detection and prevention software (IDPS), auditing, and honeypots

• Tools Snort honeyd honeyd labrea
• Lecture Slides

• Rules Game