Difference between revisions of "Summerschool Aachen 2005/Schedule"

From C4 Wiki
Jump to: navigation, search
(Ilja's CTT PDF added)
 
(55 intermediate revisions by 23 users not shown)
Line 1: Line 1:
 +
cogetdomta
 +
'''Warning:''' The schedule is somewhat messed up. It needs to be synced with the 'official' schedule.
 +
 
==Course Schedule==
 
==Course Schedule==
  
*'''Mon 19.'''
 
**Lecture:
 
***Introduction (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-19/SummmerschoolIntro.pdf PDF]
 
***Hardware Security (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-19/HardwareHackingAndAttacking.pdf PDF]
 
**Lab: Get Started, Wargames on the Net, Unscrew things. (Maximillian Dornseif)
 
***Coffee Table Talk: Lock Picking (Patrick Hof, Jens Liebchen)
 
*'''Tue 20.'''
 
**Lecture: Stack and Heap Overflows (Christian Klein) [http://c0re.23.nu/~chris/presentations/overflow2005.pdf PDF], [http://untergrund.bewaff.net/~chris/bo/ examples]
 
**Lab: Stack and heap overflows – the basics, the techniques (Christian Klein, Ilja van Sprundel)
 
***[http://ilja.netric.org/files/labsession.pdf Ilja's Challanges]
 
***[http://community.core-sdi.com/~gera/InsecureProgramming/ Gera's Challanges]
 
***[http://www.insecure.org/stf/smashstack.txt Smashing The Stack For Fun And Profit]
 
***[http://www.enderunix.org/docs/eng/bof-eng.txt Buffer overflows demystified]
 
***[http://www.w00w00.org/files/articles/heaptut.txt w00w00 on Heap Overflows]
 
** CoffeeTableTalk: More Heap Overflows (Ilja van Sprundel) [http://md.hudora.de/presentations/summerschool/2005-09-21/vansprundel-ctt-heapoverflows.pdf PDF]
 
**Evening: Visit at the CCCCologne (Maximillian Dornseif)
 
*'''Wed 21.'''
 
**Lecture:
 
***Fingerprinting (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-21/fingerprinting.pdf PDF]
 
***[http://www.secdev.org/projects/scapy/ ScaPy] (Philippe Bondy) [http://static.23.nu/md/Pictures/scapy-Aachen.pdf PDF]
 
**Lab: Play with ScaPy, scanning the net (Philippe Bondy, Maximillian Dornseif)
 
**Coffee Table Talk: HeapOverflow Protection (Yves Younan)
 
*'''Thu 22.'''
 
**Lecture: Formatstring bugs and Race conditions (Ilja van Sprundel)
 
**Lab: Find an exploit, write an advisory
 
**Coffee Table Talk: The Game of Go (Paul Boehm)
 
*'''Fri 23.'''
 
**Lecture: Fuzzing (Ilja van Sprundel)
 
**Lab: Fuzz whatever you can get your hands on (Ilja van Sprundel)
 
**Evening: Visit at the Netzladen
 
  
*'''Mon 26.'''
+
 
 +
 
 +
 
 +
=== Wed 21. ===
 +
*[http://www.secdev.org/projects/scapy/ ScaPy]
 +
* Tech Report 'till then: (Yves Younan & Daniel Hodson) [http://vault.fort-knox.org/~yyounan/techreport-summerschool.pdf PDF]
 +
 
 +
=== Fri 23. ===
 +
Fuzzing - [http://ieeexplore.ieee.org/iel5/8013/30742/01423963.pdf?tp=&arnumber=1423963&isnumber=30742 Paper Ilja talked about] (free on the RWTH campus)
 +
 
 +
=== Mon 26. ===
 
**Lecture:
 
**Lecture:
 
***Forensics / hidden data in documents (Maximillian Dornseif)
 
***Forensics / hidden data in documents (Maximillian Dornseif)
***OracleSecurity (Alexander Konbrust)
+
***OracleSecurity (Alexander Konbrust) [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/kornbrust-oracle1-2005-09-26.mov MOV1] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/kornbrust-oracle2-2005-09-26.mov MOV2] [http://www.red-database-security.com/wp/IT_summerschool_Books_and_Websites.pdf Intro/pdf] [http://www.red-database-security.com/wp/google_oracle_hacking_us.pdf Google hacking Oracle] [http://www.red-database-security.com/wp/IT_summerschool_Oracle_Database_Basic_Hardening_and_Common_Exploits.pdf Hardening and Common Exploits/pdf] [http://www.red-database-security.com/wp/IT_summerschool_db_rootkits.pdf rootkits/pdf]
**Lab: Playing with Oracle (Alexander Konbrust & Christian Klein)
+
**Lab: Playing with [[/Oracle]] (Alexander Konbrust & Christian Klein)
 +
**Coffe Table Talk: Signature Forging and PIN observation (Marek Kumpost)
 
**Evening:
 
**Evening:
*'''Tue 27.'''
+
 
**Lecture: Breaking the web (Maximillian Dornseif)
+
=== Tue 27. ===
**Lab: Breaking the Web for real (Maximillian Dornseif)
+
* [http://md.hudora.de/presentations/wehrmann-xss.pdf XSS Thesis].
***Coffee Table Talk: Security, Science and Education (Felix Freiling)
+
* [[/Exercises]]
**Evening: CCCAC
+
 
*'''Wed 28.'''
+
 
**Lecture:
+
 
***Malware (Christian Klein)
+
=== Thu 29. ===
***Botnets, Firewall traversal, distributed C&C (Thorsten Holz)
+
*CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [[http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-637.html Paper]]
**Lab:
+
 
*'''Thu 29.'''
+
=== Fri 30. ===
 
**Lecture:
 
**Lecture:
***Attacking Anonymity Systems (Lexi Pimenidis)
+
*** Forensics (Maximillian Dornseif)
***Sniffing, Spoofing (ThorstenHolz)
+
**** [http://www.fuckallyall.com/article1585.html Cat Schwarz Example] [http://www.snopes.com/photos/risque/kettle.asp Reflections]
**Lab:
 
**Evening: Party (Felix Freiling)
 
*'''Fri 30.'''
 
 
**Fix loose ends
 
**Fix loose ends
**Wargame (Lexi Pimenidis, Mercy and Ilja van Sprundel)
+
[[Category:Summerschools]]

Latest revision as of 01:04, 17 October 2007

cogetdomta Warning: The schedule is somewhat messed up. It needs to be synced with the 'official' schedule.

Course Schedule

Wed 21.

  • ScaPy
  • Tech Report 'till then: (Yves Younan & Daniel Hodson) PDF

Fri 23.

Fuzzing - Paper Ilja talked about (free on the RWTH campus)

Mon 26.

Tue 27.


Thu 29.

  • CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [Paper]

Fri 30.