Herbert Bos, Erik van der Kouwe, Remco Vermeulen, Andrei Bacs (cns-l@few.vu.nl)


Computer and Network Security

• Little crypto
• Much hacking
• No book
• Very intensive

Who should pick this course?

• You, if you would like to be a “security expert”
• You, if you are technical in the Systems sense
  – C and Linux should not be a problem for you
  – If you have never written a C program… then this might not be for you
  – At the very least, you will have to catch up
• You, if you are interested in solving technical problems
• You, if you are not afraid to invest “private” time…

Set up

• 70% challenges and 30% exam
  – all grades must be >= 5
• Theory in lectures
• Four challenges
  – Throughout the course duration
  – Solve in your own time
• Final exam
  – Exam material: all material covered in the lectures
  – Papers and material provided during the lectures

Challenges

• Start simple, end tough
• You will not know in advance what the challenges are
• Speed matters
  – top 3 : 1pt bonus
  – below that : it still matters!
• Top achievers will be announced and applauded
• Choose nicks – compete, have fun!

If you work hard…

• this will be an extremely rewarding course.

2010

2011

VU-Bar

• We run a regular CTF team
• Excellent way to learn more and have fun

• Hack in the Box 2010 (Amsterdam)
  – Capture the Flag competition
  – 6 VU students participated
  – When the dust settled… we ranked 1-6!

2011

Contacts

• guest lecture(s)
• internships
  – KPMG
  – Atos
  – NFI
  – Smaller security firms
  – …

Alert: new course

• Binary and malware analysis (first term next year)

Course information

• Everything will be made available via Blackboard
• There is a discussion board, use it!
  – All questions should first be posted on the discussion board
  – Help each other, but do not give full solutions

Case Study: Operation Aurora

• A massive cyber attack first disclosed by Google in January 2010
  – The attack targeted many different organizations (Google, Adobe, Yahoo, Symantec, …)
  – Originated in China
• Goal: to compromise the source code repositories of several high-tech companies

How did it work?


Case study: operation Aurora

1. The attackers spam infected URLs (e-mail, IM, …)
2. A victim opens an infected web page
3. Some JavaScript code exploits a 0-day vulnerability in IE
4. The payload of the exploit downloads and installs multiple malware samples
5. The malware scans the LAN, looking for source code repositories
6. The malware contacts a remote server and asks for commands from the attackers

“attack www.cs.vu.nl”


Case study: operation Aurora
Lessons learned

1. Most security threats start from the web
2. A malicious web page leverages a defect in a program to gain arbitrary code execution
3. The exploit downloads and installs a malware sample, infecting the victim
4. Victim turns into a bot
  • Steals sensitive information
  • Performs scan, DDoS, SPAM, and other malicious activities

[Figure: lecture dates annotated on the attack steps above: April 5, 16, 17 (Network Security); April 20, 23, 27; May 4, 7, 10; May 14; May 21.]

What about today, and May 25th? History, hacking, and (a crash course on) cryptography

Course outline (tentative)

• Mon 2 April : Introduction
  – Announce assignment 1 due on Mon 9 Apr @ 23:59 CET (1 week)
• Thu 5 Apr 9:00?! : Network security
  – Announce assignment 2 due on Mon 23 Apr @ 23:59 CET (2+ weeks)
• Mon 16 Apr : Network security (CONT'd)
• Tue 17 : Network security (CONT'd)
• Fri 20 Apr : Application security
• Mon 23 Apr : Application security (CONT'd)
  – Deadline assignment 2
  – Announce assignment 3 due 14 May @ 23:59 CET (3+ weeks)
• Fri 27 Apr : Application security (CONT'd)

Course outline (tentative)

• Fri 4 May : Web App security
• Mon 7 May : Web App security (CONT'd)
• Fri 10 May : Web App security (CONT'd)
• Mon 14 May : Web App security (CONT'd)
  – Deadline assignment 3
  – Announce assignment 4 due 31 May @ 23:59 CET (2 weeks)
• Mon 21 May : Botnets
• Fri 25 May : Cryptography
• Thu 31 May : EXAM
  – Deadline assignment 3

Grading

• 70% assignments, 30% exam
• Every grade should be at least a 5.0
• Speed matters

Assignment grade

Assignment grade breakdown

Questions?