Herbert Bos, Erik van der Kouwe, Remco Vermeulen, Andrei Bacs (cns-l@few.vu.nl)

Post on 24-Dec-2015


Computer and Network Security

• Little crypto
• Much hacking
• No book
• Very intensive

Who should pick this course?

• You, if you would like to be a “security expert”
• You, if you are technical in the Systems sense
– C and Linux should not be a problem for you
– If you have never written a C program… then this might not be for you
– At the very least, you will have to catch up

• You, if you are interested in solving technical problems

• You, if you are not afraid to invest “private” time…

Set up

• 70% challenges and 30% exam
– all grades must be >= 5

• Theory in lectures
• Four challenges
– Throughout the course duration
– Solve in your own time

• Final exam
– Exam material: all material covered in the lectures
– Papers and material provided during the lectures

Challenges

• Start simple, end tough
• You will not know in advance what the challenges are
• Speed matters
– top 3 : 1pt bonus
– below that : it still matters!

• Top achievers will be announced and applauded
• Choose nicks – compete, have fun!

If you work hard…

• this will be an extremely rewarding course.


VU-Bar

• we run a regular CTF team
• excellent way to learn more and have fun
• Hack in the Box 2010 (Amsterdam)
– Capture the Flag competition
– 6 VU students participated
– When the dust settled… we ranked 1-6!

Contacts

• guest lecture(s)
• internships
– KPMG
– Atos
– NFI
– Smaller security firms
– …

Alert: new course

• Binary and malware analysis (first term next year)

Course information

• Everything will be made available via blackboard

• There is a discussion board, use it!
– All questions should first be posted on the discussion board
– Help each other, but do not give full solutions

Case Study: Operation Aurora

• A massive cyber attack first disclosed by Google in January 2010
– The attack targeted many different organizations (Google, Adobe, Yahoo, Symantec, …)
– Originated in China
• Goal: to compromise the source code repositories of several high tech companies

How did it work?

Case study: operation Aurora

1. The attackers spam infected URLs (e-mail, IM, …)
2. A victim opens an infected web page
3. Some JavaScript code exploits a 0-day vulnerability in IE
4. The payload of the exploit downloads & installs multiple malware samples
5. The malware scans the LAN, looking for source code repositories
6. The malware contacts a remote server and asks for commands from the attackers

“attack www.cs.vu.nl”

Case study: operation Aurora – Lessons learned

1. Most security threats start from the web
2. A malicious web page leverages a defect in a program to gain arbitrary code execution
3. The exploit downloads and installs a malware sample, infecting the victim
4. Victim turns into a bot
• Steals sensitive information
• Performs scans, DDoS, SPAM, and other malicious activities

[Calendar slide: Network Security on April 5 (16:17), April 20, 23, 27 and May 4, 7, 10; further lecture dates May 14 and May 21. What about today, and May 25th? History, hacking, and (a crash course on) cryptography.]

Course outline (tentative)

• Mon 2 April : Introduction – Announce assignment 1, due on Mon 9 Apr @ 23:59 CET (1 week)
• Thu 5 Apr 9:00?! : Network security – Announce assignment 2, due on Mon 23 Apr @ 23:59 CET (2+ weeks)
• Mon 16 Apr : Network security (cont'd)
• Tue 17 Apr : Network security (cont'd)
• Fri 20 Apr : Application security
• Mon 23 Apr : Application security (cont'd) – Deadline assignment 2; announce assignment 3, due 14 May @ 23:59 CET (3+ weeks)
• Fri 27 Apr : Application security (cont'd)

Course outline (tentative)

• Fri 4 May : Web App security
• Mon 7 May : Web App security (cont'd)
• Fri 10 May : Web App security (cont'd)
• Mon 14 May : Web App security (cont'd) – Deadline assignment 3; announce assignment 4, due 31 May @ 23:59 CET (2 weeks)
• Mon 21 May : Botnets
• Fri 25 May : Cryptography
• Thu 31 May : EXAM – Deadline assignment 3

Grading

• 70% assignments, 30% exam
• Every grade should be at least a 5.0
• Speed matters

Assignment grade breakdown [chart slides; the breakdown figures themselves are not in the transcript]

Instructors

Herbert Bos – herbertb@cs.vu.nl
Erik van der Kouwe – vdkouwe@cs.vu.nl
Remco Vermeulen – r.vermeulen@few.vu.nl
Andrei Bacs – a.bacs@vu.nl

but send all your email to cns-l@few.vu.nl

Questions?