Difference between revisions of "MSc: Offensive Technologies"

From IU
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
  +
 
= Offensive Technologies =
 
= Offensive Technologies =
  +
* '''Course name''': Offensive Technologies
  +
* '''Code discipline''': ?
  +
* '''Subject area''':
   
  +
== Short Description ==
* Course name: Offensive Technology
 
  +
This course covers the following concepts: Software Security; Malware Analysis; Mobile Security; Network and Web Security.
* Course number: ?
 
   
== Course characteristics ==
+
== Prerequisites ==
   
=== Key concepts of the class ===
+
=== Prerequisite subjects ===
 
* Software Security
 
* Malware Analysis
 
* Mobile Security
 
* Network and Web Security
 
 
=== What is the purpose of this course? ===
 
 
Offensive Technology introduces methods, tools, and techniques to the students to assess the security of different services, protocols, and applications. The course aims to expose the students to real-world expertise from a security perspective and let them find vulnerabilities in both software and hardware, Also in this course, the students will learn how to analyze a malicious application and how they can understand the behavior of this application and deploy the appropriate defenses against this application. Furthermore, the students will develop projects of their choice to show their skills. In this course, the students will particularly focus on Software Testing, Fuzzing, Malware Analysis, Mobile Security, and Network and Web Security.
 
 
== Prerequisites ==
 
 
* The course has been designed to be self-included as much as possible. The successful completion will depend on prerequisite courses such as:
 
* The course has been designed to be self-included as much as possible. The successful completion will depend on prerequisite courses such as:
* [https://eduwiki.innopolis.university/index.php/MSc:Advanced_Security CSE522 - Advanced Security]
+
* CSE522 - Advanced Security
 
* Essential skills
 
* Essential skills
* Classical Internet Applications
+
* Classical Internet Applications
   
  +
=== Prerequisite topics ===
   
== Course Objectives Based on Bloom’s Taxonomy ==
 
   
  +
== Course Topics ==
==== What should a student remember at the end of the course? ====
 
  +
{| class="wikitable"
  +
|+ Course Sections and Topics
  +
|-
  +
! Section !! Topics within the section
  +
|-
  +
| Software Security ||
  +
# Buffer overflow vulnerability
  +
# Format string vulnerability
  +
# ASLR defensive technique
  +
# NX defensive technique
  +
# Fuzzing security testing
  +
|-
  +
| Malware Analysis ||
  +
# Malware evasion techniques
  +
# Malware injection techniques
  +
# Malware artifacts
  +
# Virtual Machine environment hardening
  +
# Professional malware analysis frameworks and tools
  +
|-
  +
| Mobile Security ||
  +
# Mobile architecture
  +
# Mobile security testing
  +
# Detection of mobile malware
  +
# Professional mobile security testing frameworks and tools
  +
|-
  +
| Network and Web Security ||
  +
# Injection Flows
  +
# Cookies Flows
  +
# Server Misconfiguration
  +
# Network Misconfiguration
  +
|}
  +
== Intended Learning Outcomes (ILOs) ==
  +
  +
=== What is the main purpose of this course? ===
  +
Offensive Technology introduces methods, tools, and techniques to the students to assess the security of different services, protocols, and applications. The course aims to expose the students to real-world expertise from a security perspective and let them find vulnerabilities in both software and hardware, Also in this course, the students will learn how to analyze a malicious application and how they can understand the behavior of this application and deploy the appropriate defenses against this application. Furthermore, the students will develop projects of their choice to show their skills. In this course, the students will particularly focus on Software Testing, Fuzzing, Malware Analysis, Mobile Security, and Network and Web Security.
   
  +
=== ILOs defined at three levels ===
By the end of the course, the students should be able to recognize and define
 
   
  +
==== Level 1: What concepts should a student know/remember/explain? ====
  +
By the end of the course, the students should be able to ...
 
* Common weaknesses/vulnerabilities in web application
 
* Common weaknesses/vulnerabilities in web application
 
* ASLR, NX, and how are these techniques can help to protect against a malicious attacker
 
* ASLR, NX, and how are these techniques can help to protect against a malicious attacker
Line 37: Line 67:
 
* Mobile security analysis
 
* Mobile security analysis
   
==== What should a student be able to understand at the end of the course? ====
+
==== Level 2: What basic practical skills should a student be able to perform? ====
  +
By the end of the course, the students should be able to ...
 
By the end of the course, the students should be able to describe and explain (with examples)
 
 
 
* Methods and techniques bypass memory mitigation techniques
 
* Methods and techniques bypass memory mitigation techniques
 
* Methods and techniques for fuzz testing
 
* Methods and techniques for fuzz testing
Line 47: Line 75:
 
* Methods and techniques web penetration testing
 
* Methods and techniques web penetration testing
   
==== What should a student be able to apply at the end of the course? ====
+
==== Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios? ====
  +
By the end of the course, the students should be able to ...
 
 
* Perform a network discovery
 
* Perform a network discovery
 
* Detect/exploit common weaknesses/vulnerabilities in web applications.
 
* Detect/exploit common weaknesses/vulnerabilities in web applications.
Line 55: Line 83:
 
* Perform fuzzing for a specific use case.
 
* Perform fuzzing for a specific use case.
 
* Perform security assessment for mobile application
 
* Perform security assessment for mobile application
* Perform security analysis for a malicious application
+
* Perform security analysis for a malicious application
  +
== Grading ==
   
=== Course evaluation ===
+
=== Course grading range ===
  +
{| class="wikitable"
 
  +
|+
{| class="wikitable" style="text-align:center"
 
|+ Course grade breakdown
 
! Type
 
! Default points
 
!align="center"| '''Proposed points'''
 
 
|-
 
|-
  +
! Grade !! Range !! Description of performance
| Labs/seminar classes
 
| ?
 
|align="center"| 50
 
 
|-
 
|-
  +
| A. Excellent || 85-100 || -
| Project
 
| ?
+
|-
  +
| B. Good || 70-84 || -
|align="center"| 50
 
  +
|-
  +
| C. Satisfactory || 60-69 || -
  +
|-
  +
| D. Poor || 0-59 || -
 
|}
 
|}
   
  +
=== Course activities and grading breakdown ===
If necessary, please indicate freely your course’s features in terms of students’ performance assessment: The laboratory assessments are particularly taken care of, and the tasks do correspond with the teachings from the lectures.
 
  +
{| class="wikitable"
 
  +
|+
=== Grades range ===
 
 
{| class="wikitable" style="text-align:center"
 
|+ Course grading range
 
! Grade
 
! Default range
 
!align="center"| Proposed range
 
 
|-
 
|-
  +
! Activity Type !! Percentage of the overall course grade
| A. Excellent
 
| 90-100
 
|align="center"| 85-100
 
 
|-
 
|-
  +
| Labs/seminar classes || 50
| B. Good
 
| 75-89
 
|align="center"| 70-84
 
 
|-
 
|-
  +
| Project || 50
| C. Satisfactory
 
| 60-74
 
|align="center"| 60-69
 
|-
 
| D. Poor
 
| 0-59
 
|align="center"| 0-59
 
 
|}
 
|}
   
  +
=== Recommendations for students on how to succeed in the course ===
If necessary, please indicate freely your course’s grading features: The laboratory assignments are mandatory with a required minimum result of 6/10 - including re-takes - to complete the course. As a consequence, the grades are generally pretty high and therefore the grading ranges are scaled up.
 
  +
   
=== Resources and reference material ===
+
== Resources, literature and reference materials ==
   
  +
=== Open access resources ===
 
* Mike O’Leary, Cyber Operations, Second Edition, Apress, 2019
 
* Mike O’Leary, Cyber Operations, Second Edition, Apress, 2019
 
* Ric Messier, Penetration Testing Basics: A Quick-Start Guide to Breaking into Systems, Apress, 2016
 
* Ric Messier, Penetration Testing Basics: A Quick-Start Guide to Breaking into Systems, Apress, 2016
Line 114: Line 127:
 
* Rafay Baloch, Ethical Hacking and Penetration Testing Guide, AuerbachPublications, 2014
 
* Rafay Baloch, Ethical Hacking and Penetration Testing Guide, AuerbachPublications, 2014
   
== Course Sections ==
+
=== Closed access resources ===
   
  +
{| class="wikitable" style="text-align:center"
 
  +
=== Software and tools used within the course ===
|+ Course Sections
 
  +
! Section
 
  +
= Teaching Methodology: Methods, techniques, & activities =
! Section Title
 
  +
!align="center"| Teaching Hours
 
  +
== Activities and Teaching Methods ==
  +
{| class="wikitable"
  +
|+ Activities within each section
 
|-
 
|-
  +
! Learning Activities !! Section 1 !! Section 2 !! Section 3 !! Section 4
| 1
 
| Physical & Software Security
 
|align="center"| 12
 
 
|-
 
|-
  +
| Homework and group projects || 1 || 1 || 1 || 1
| 2
 
| Malware Analysis
 
|align="center"| 4
 
 
|-
 
|-
  +
| Testing (written or computer based) || 1 || 1 || 1 || 1
| 3
 
| Mobile Security
 
|align="center"| 4
 
 
|-
 
|-
  +
| Reports || 1 || 1 || 1 || 1
| 4
 
| Network and Web Security
 
|align="center"| 4
 
 
|-
 
|-
  +
| Discussions || 1 || 1 || 1 || 1
| 5
 
| Labs
+
|}
  +
== Formative Assessment and Course Activities ==
|align="center"| 40
 
|-
 
| 6
 
| Project
 
|align="center"| 24
 
|}
 
 
=== Section 1 ===
 
 
==== Section title: ====
 
Software Security
 
 
==== Topics covered in this section: ====
 
 
* Buffer overflow vulnerability
 
* Format string vulnerability
 
* ASLR defensive technique
 
* NX defensive technique
 
* Fuzzing security testing
 
   
  +
=== Ongoing performance assessment ===
'''What forms of evaluation were used to test students’ performance in this section?'''
 
   
  +
==== Section 1 ====
{| class="wikitable" style="text-align:center"
 
  +
{| class="wikitable"
! Form
 
  +
|+
! Yes/No
 
 
|-
 
|-
  +
! Activity Type !! Content !! Is Graded?
| Development of individual parts of software product code
 
| 0
 
 
|-
 
|-
  +
| Question || What are the pros and cons of using ASLR? does it affect the performance? || 1
| Homework and group projects
 
| 1
 
 
|-
 
|-
  +
| Question || What is the required information to be able to identify a remote libc version? || 1
| Midterm evaluation
 
| 0
 
 
|-
 
|-
  +
| Question || What are the pros and cons of writing your own fuzzer? || 1
| Testing (written or computer based)
 
| 1
 
 
|-
 
|-
  +
| Question || Write an exploit for a given binary, also try to bypass the mitigation techniques || 0
| Reports
 
| 1
 
 
|-
 
|-
  +
| Question || Implement a fuzzer for a specific use-case || 0
| Essays
 
| 0
+
|}
  +
==== Section 2 ====
  +
{| class="wikitable"
  +
|+
 
|-
 
|-
  +
! Activity Type !! Content !! Is Graded?
| Oral polls
 
| 0
 
 
|-
 
|-
  +
| Question || For a given malicious application try to find useful artifacts, for example, find encryption key, C&C server, find commands that server can send || 1
| Discussions
 
| 1
 
|}
 
 
==== Typical questions for ongoing performance evaluation within this section ====
 
 
* What are the pros and cons of using ASLR? does it affect the performance?
 
* What is the required information to be able to identify a remote libc version?
 
* What are the pros and cons of writing your own fuzzer?
 
 
==== Typical questions for seminar classes (labs) within this section ====
 
 
* Write an exploit for a given binary, also try to bypass the mitigation techniques
 
* Implement a fuzzer for a specific use-case
 
 
==== Test questions for final assessment in this section ====
 
 
As above
 
 
=== Section 2 ===
 
 
'''Section title: Malware Analysis'''
 
 
'''Topics covered in this section:'''
 
 
* Malware evasion techniques
 
* Malware injection techniques
 
* Malware artifacts
 
* Virtual Machine environment hardening
 
* Professional malware analysis frameworks and tools
 
 
'''What forms of evaluation were used to test students’ performance in this section?'''
 
 
{| class="wikitable" style="text-align:center"
 
! Form
 
! Yes/No
 
 
|-
 
|-
  +
| Question || while setup an isolated analytic Virtual Machine, What are the required steps for hardening? || 1
| Development of individual parts of software product code
 
| 0
 
 
|-
 
|-
  +
| Question || what are the most commonly used evasion and injection in malware and how can you detect it? || 1
| Homework and group projects
 
| 1
 
 
|-
 
|-
  +
| Question || For a given malicious application try to find the evasion and injection techniques that are used by that application || 0
| Midterm evaluation
 
| 0
 
 
|-
 
|-
  +
| Question || For a given malicious application try to write detection rules to be able to defend against it || 0
| Testing (written or computer based)
 
| 1
 
 
|-
 
|-
  +
| Question || Setup an isolated analytic Virtual Machine and test it against Virtual Machine detection tools || 0
| Reports
 
| 1
+
|}
  +
==== Section 3 ====
  +
{| class="wikitable"
  +
|+
 
|-
 
|-
  +
! Activity Type !! Content !! Is Graded?
| Essays
 
| 0
 
 
|-
 
|-
  +
| Question || What privilege does root or jailbreak gives you? is it mandatory for security testing? || 1
| Oral polls
 
| 0
 
 
|-
 
|-
  +
| Question || What is the difference from the security perspective between some version of an old mobile operation system || 1
| Discussions
 
| 1
 
|}
 
 
'''Typical questions for ongoing performance evaluation within this section'''
 
 
* For a given malicious application try to find useful artifacts, for example, find encryption key, C&C server, find commands that server can send
 
* while setup an isolated analytic Virtual Machine, What are the required steps for hardening?
 
* what are the most commonly used evasion and injection in malware and how can you detect it?
 
 
'''Typical questions for seminar classes (labs) within this section'''
 
 
* For a given malicious application try to find the evasion and injection techniques that are used by that application
 
* For a given malicious application try to write detection rules to be able to defend against it
 
* Setup an isolated analytic Virtual Machine and test it against Virtual Machine detection tools
 
 
'''Test questions for final assessment in this section'''
 
 
As above
 
 
=== Section 3 ===
 
 
'''Section title: Mobile Security'''
 
 
'''Topics covered in this section:'''
 
 
* Mobile architecture
 
* Mobile security testing
 
* Detection of mobile malware
 
* Professional mobile security testing frameworks and tools
 
 
'''What forms of evaluation were used to test students’ performance in this section?'''
 
 
{| class="wikitable" style="text-align:center"
 
! Form
 
! Yes/No
 
 
|-
 
|-
  +
| Question || what is the pros and cons of mobile security testing? || 1
| Development of individual parts of software product code
 
| 0
 
 
|-
 
|-
  +
| Question || For a given malicious application try to find the evasion and injection techniques that are used by that application || 0
| Homework and group projects
 
| 1
 
 
|-
 
|-
  +
| Question || Setup an automated mobile security testing solution and test a given application || 0
| Midterm evaluation
 
| 0
 
 
|-
 
|-
  +
| Question || try to bypass some of the security mechanisms that are enabled either on the application or on the operating system level || 0
| Testing (written or computer based)
 
| 1
+
|}
  +
==== Section 4 ====
  +
{| class="wikitable"
  +
|+
 
|-
 
|-
  +
! Activity Type !! Content !! Is Graded?
| Reports
 
| 1
 
 
|-
 
|-
  +
| Question || What is the difference between boolean-based and time-based SQL injection? || 1
| Essays
 
| 0
 
 
|-
 
|-
  +
| Question || Can regex matching protect against Directory Traversal attack? || 1
| Oral polls
 
| 0
 
 
|-
 
|-
  +
| Question || Does the Same Origin Policy apply to the localStorage inside the browser? || 1
| Discussions
 
| 1
 
|}
 
 
'''Typical questions for ongoing performance evaluation within this section'''
 
 
* What privilege does root or jailbreak gives you? is it mandatory for security testing?
 
* What is the difference from the security perspective between some version of an old mobile operation system
 
* what is the pros and cons of mobile security testing?
 
 
'''Typical questions for seminar classes (labs) within this section'''
 
 
* For a given malicious application try to find the evasion and injection techniques that are used by that application
 
* Setup an automated mobile security testing solution and test a given application
 
* try to bypass some of the security mechanisms that are enabled either on the application or on the operating system level
 
 
'''Test questions for final assessment in this section'''
 
 
As above
 
 
=== Section 4 ===
 
 
'''Section title: Network and Web Security'''
 
 
'''Topics covered in this section:'''
 
 
* Injection Flows
 
* Cookies Flows
 
* Server Misconfiguration
 
* Network Misconfiguration
 
 
'''What forms of evaluation were used to test students’ performance in this section?'''
 
 
{| class="wikitable" style="text-align:center"
 
! Form
 
! Yes/No
 
 
|-
 
|-
  +
| Question || Vulnerability analysis and exploitation for a given web application || 0
| Development of individual parts of software product code
 
| 0
 
 
|-
 
|-
  +
| Question || Write and deploy WAF rules to mitigate a specific web attack || 0
| Homework and group projects
 
| 1
+
|}
  +
=== Final assessment ===
|-
 
  +
'''Section 1'''
| Midterm evaluation
 
  +
# As above
| 0
 
  +
'''Section 2'''
|-
 
  +
# As above
| Testing (written or computer based)
 
  +
'''Section 3'''
| 1
 
  +
# As above
|-
 
  +
'''Section 4'''
| Reports
 
  +
# As above
| 1
 
|-
 
| Essays
 
| 0
 
|-
 
| Oral polls
 
| 0
 
|-
 
| Discussions
 
| 1
 
|}
 
 
'''Typical questions for ongoing performance evaluation within this section'''
 
 
* What is the difference between boolean-based and time-based SQL injection?
 
* Can regex matching protect against Directory Traversal attack?
 
* Does the Same Origin Policy apply to the localStorage inside the browser?
 
   
  +
=== The retake exam ===
'''Typical questions for seminar classes (labs) within this section'''
 
  +
'''Section 1'''
   
  +
'''Section 2'''
* Vulnerability analysis and exploitation for a given web application
 
* Write and deploy WAF rules to mitigate a specific web attack
 
   
  +
'''Section 3'''
'''Test questions for final assessment in this section'''
 
   
  +
'''Section 4'''
As above
 

Latest revision as of 11:57, 29 August 2022

Offensive Technologies

  • Course name: Offensive Technologies
  • Code discipline: ?
  • Subject area:

Short Description

This course covers the following concepts: Software Security; Malware Analysis; Mobile Security; Network and Web Security.

Prerequisites

Prerequisite subjects

  • The course has been designed to be self-included as much as possible. The successful completion will depend on prerequisite courses such as:
  • CSE522 - Advanced Security
  • Essential skills
  • Classical Internet Applications

Prerequisite topics

Course Topics

Course Sections and Topics
Section Topics within the section
Software Security
  1. Buffer overflow vulnerability
  2. Format string vulnerability
  3. ASLR defensive technique
  4. NX defensive technique
  5. Fuzzing security testing
Malware Analysis
  1. Malware evasion techniques
  2. Malware injection techniques
  3. Malware artifacts
  4. Virtual Machine environment hardening
  5. Professional malware analysis frameworks and tools
Mobile Security
  1. Mobile architecture
  2. Mobile security testing
  3. Detection of mobile malware
  4. Professional mobile security testing frameworks and tools
Network and Web Security
  1. Injection Flows
  2. Cookies Flows
  3. Server Misconfiguration
  4. Network Misconfiguration

Intended Learning Outcomes (ILOs)

What is the main purpose of this course?

Offensive Technology introduces methods, tools, and techniques to the students to assess the security of different services, protocols, and applications. The course aims to expose the students to real-world expertise from a security perspective and let them find vulnerabilities in both software and hardware, Also in this course, the students will learn how to analyze a malicious application and how they can understand the behavior of this application and deploy the appropriate defenses against this application. Furthermore, the students will develop projects of their choice to show their skills. In this course, the students will particularly focus on Software Testing, Fuzzing, Malware Analysis, Mobile Security, and Network and Web Security.

ILOs defined at three levels

Level 1: What concepts should a student know/remember/explain?

By the end of the course, the students should be able to ...

  • Common weaknesses/vulnerabilities in web application
  • ASLR, NX, and how are these techniques can help to protect against a malicious attacker
  • Fuzzing techniques
  • Malware C&C server
  • Process injection techniques that are used in malware and how to defend against it
  • Mobile security analysis

Level 2: What basic practical skills should a student be able to perform?

By the end of the course, the students should be able to ...

  • Methods and techniques bypass memory mitigation techniques
  • Methods and techniques for fuzz testing
  • Methods and techniques malware analysis
  • Methods and techniques for mobile security testing
  • Methods and techniques web penetration testing

Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios?

By the end of the course, the students should be able to ...

  • Perform a network discovery
  • Detect/exploit common weaknesses/vulnerabilities in web applications.
  • Detect vulnerabilities in software.
  • Writing an exploit to bypass ASLR and NX protection.
  • Perform fuzzing for a specific use case.
  • Perform security assessment for mobile application
  • Perform security analysis for a malicious application

Grading

Course grading range

Grade Range Description of performance
A. Excellent 85-100 -
B. Good 70-84 -
C. Satisfactory 60-69 -
D. Poor 0-59 -

Course activities and grading breakdown

Activity Type Percentage of the overall course grade
Labs/seminar classes 50
Project 50

Recommendations for students on how to succeed in the course

Resources, literature and reference materials

Open access resources

  • Mike O’Leary, Cyber Operations, Second Edition, Apress, 2019
  • Ric Messier, Penetration Testing Basics: A Quick-Start Guide to Breaking into Systems, Apress, 2016
  • Michal Zalewsk, The Tangled Web, No Starch Press, 2011
  • Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No StarchPress, 2008
  • The Fuzzing Bookhttps://www.fuzzingbook.org
  • Wil Allsopp, Advanced Penetration Testing: Hacking the World’s most secure Networks, Wiley, 2017
  • Dafydd Stuttard, The Web Application Hacker’s Handbook: Finding and exploiting Security Flaws, 2nd edition, Wiley, 2011
  • Rafay Baloch, Ethical Hacking and Penetration Testing Guide, AuerbachPublications, 2014

Closed access resources

Software and tools used within the course

Teaching Methodology: Methods, techniques, & activities

Activities and Teaching Methods

Activities within each section
Learning Activities Section 1 Section 2 Section 3 Section 4
Homework and group projects 1 1 1 1
Testing (written or computer based) 1 1 1 1
Reports 1 1 1 1
Discussions 1 1 1 1

Formative Assessment and Course Activities

Ongoing performance assessment

Section 1

Activity Type Content Is Graded?
Question What are the pros and cons of using ASLR? does it affect the performance? 1
Question What is the required information to be able to identify a remote libc version? 1
Question What are the pros and cons of writing your own fuzzer? 1
Question Write an exploit for a given binary, also try to bypass the mitigation techniques 0
Question Implement a fuzzer for a specific use-case 0

Section 2

Activity Type Content Is Graded?
Question For a given malicious application try to find useful artifacts, for example, find encryption key, C&C server, find commands that server can send 1
Question while setup an isolated analytic Virtual Machine, What are the required steps for hardening? 1
Question what are the most commonly used evasion and injection in malware and how can you detect it? 1
Question For a given malicious application try to find the evasion and injection techniques that are used by that application 0
Question For a given malicious application try to write detection rules to be able to defend against it 0
Question Setup an isolated analytic Virtual Machine and test it against Virtual Machine detection tools 0

Section 3

Activity Type Content Is Graded?
Question What privilege does root or jailbreak gives you? is it mandatory for security testing? 1
Question What is the difference from the security perspective between some version of an old mobile operation system 1
Question what is the pros and cons of mobile security testing? 1
Question For a given malicious application try to find the evasion and injection techniques that are used by that application 0
Question Setup an automated mobile security testing solution and test a given application 0
Question try to bypass some of the security mechanisms that are enabled either on the application or on the operating system level 0

Section 4

Activity Type Content Is Graded?
Question What is the difference between boolean-based and time-based SQL injection? 1
Question Can regex matching protect against Directory Traversal attack? 1
Question Does the Same Origin Policy apply to the localStorage inside the browser? 1
Question Vulnerability analysis and exploitation for a given web application 0
Question Write and deploy WAF rules to mitigate a specific web attack 0

Final assessment

Section 1

  1. As above

Section 2

  1. As above

Section 3

  1. As above

Section 4

  1. As above

The retake exam

Section 1

Section 2

Section 3

Section 4