|
|
(7 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
| + | cogetdomta |
| '''Warning:''' The schedule is somewhat messed up. It needs to be synced with the 'official' schedule. | | '''Warning:''' The schedule is somewhat messed up. It needs to be synced with the 'official' schedule. |
| | | |
Line 5: |
Line 6: |
| | | |
| | | |
− | === Tue 20. ===
| + | |
− | **Lecture: Stack and Heap Overflows (Christian Klein) [http://c0re.23.nu/~chris/presentations/overflow2005.pdf PDF], [http://untergrund.bewaff.net/~chris/bo/ examples]
| + | |
− | **Lab: Stack and heap overflows – the basics, the techniques (Christian Klein, Ilja van Sprundel)
| |
− | ***[http://ilja.netric.org/files/labsession.pdf Ilja's Challanges]
| |
− | ***[http://community.core-sdi.com/~gera/InsecureProgramming/ Gera's Challanges]
| |
− | ***[http://www.insecure.org/stf/smashstack.txt Smashing The Stack For Fun And Profit]
| |
− | ***[http://www.enderunix.org/docs/eng/bof-eng.txt Buffer overflows demystified]
| |
− | ***[http://www.w00w00.org/files/articles/heaptut.txt w00w00 on Heap Overflows]
| |
− | ** CoffeeTableTalk: More Heap Overflows (Ilja van Sprundel) [http://md.hudora.de/presentations/summerschool/2005-09-21/vansprundel-ctt-heapoverflows.pdf PDF]
| |
− | **Evening: Visit at the CCCCologne (Maximillian Dornseif)
| |
| === Wed 21. === | | === Wed 21. === |
− | **Lecture:
| + | *[http://www.secdev.org/projects/scapy/ ScaPy] |
− | ***Fingerprinting (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-21/fingerprinting.pdf PDF]
| + | * Tech Report 'till then: (Yves Younan & Daniel Hodson) [http://vault.fort-knox.org/~yyounan/techreport-summerschool.pdf PDF] |
− | ***[http://www.secdev.org/projects/scapy/ ScaPy] (Philippe Biondi) [http://static.23.nu/md/Pictures/scapy-Aachen.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/bondy-scapy-2005-09-21.mov MOV]
| |
− | **Lab: Play with ScaPy, scanning the net (Philippe Biondi, Maximillian Dornseif)
| |
− | **Coffee Table Talk: HeapOverflow Protection (Yves Younan) [http://vault.fort-knox.org/~yyounan/dnmalloc-summerschool.pdf PDF]
| |
− | ** Tech Report 'till then: (Yves Younan & Daniel Hodson) [http://vault.fort-knox.org/~yyounan/techreport-summerschool.pdf PDF]
| |
− | | |
− | === Thu 22. ===
| |
− | **Lecture: Formatstring bugs [http://ilja.netric.org/files/The%20dangers%20of%20formatstring%20bugs.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-formatstrings-2005-09-22.mov MOV] and Race conditions [http://static.23.nu/md/Pictures/race.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-races-2005-09-22.mov MOV] (Ilja van Sprundel)
| |
− | **Lab: Find an exploit, write an advisory
| |
− | **Coffee Table Talk: The Game of Go (Paul Boehm) [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/boehm-go-2005-09-22.mov MOV]
| |
| | | |
| === Fri 23. === | | === Fri 23. === |
− | **Lecture: Fuzzing (Ilja van Sprundel) [http://static.23.nu/md/Pictures/FUZZING.PDF PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-fuzzing-2005-09-23.mov MOV]
| + | Fuzzing - [http://ieeexplore.ieee.org/iel5/8013/30742/01423963.pdf?tp=&arnumber=1423963&isnumber=30742 Paper Ilja talked about] (free on the RWTH campus) |
− | ***[http://ieeexplore.ieee.org/iel5/8013/30742/01423963.pdf?tp=&arnumber=1423963&isnumber=30742 Paper Ilja talked about] (free on the RWTH campus)
| |
− | **Lab: Fuzz whatever you can get your hands on (Ilja van Sprundel)
| |
− | **CoffeeTableTalk the scene (Christian Klein)
| |
− | **Evening: Visit at the Netzladen
| |
− | ** Tech Report 'till then: Harald Vogt & NN
| |
| | | |
| === Mon 26. === | | === Mon 26. === |
Line 45: |
Line 24: |
| | | |
| === Tue 27. === | | === Tue 27. === |
− | **Lecture: Breaking the web (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-27/WebHacking.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/dornseif-web-2005-09-27.mov MOV], [http://md.hudora.de/presentations/wehrmann-xss.pdf XSS Thesis]. | + | * [http://md.hudora.de/presentations/wehrmann-xss.pdf XSS Thesis]. |
− | **Lab: Breaking the Web for real (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-27/WebHackLab.pdf PDF] [[/Exercises]] | + | * [[/Exercises]] |
− | **Coffee Table Talk: Security, Science and Education (Felix Freiling), Security Visualisation (Florian Mansmann) [http://static.23.nu/md/Pictures/Visualisation.pdf PDF]
| + | |
− | **Evening: CCCAC
| |
| | | |
− | === Wed 28. ===
| |
− | **Lecture:
| |
− | ***Malware (Christian Klein) [[http://www.uni-bonn.de/~kleinc/Virus-2005.pdf PDF]]
| |
− | ***Botnets, Firewall traversal, distributed C&C (Thorsten Holz)
| |
− | **CoffeeTableTalk: Breaking VPNs (Lars Völker) [http://www.tm.uka.de/~voelker/summerschool/LarsV%f6lker_summerschool2005_%20breaking_VPNs_beta_Slides.pdf pdf]
| |
− | **Lab:
| |
| | | |
| === Thu 29. === | | === Thu 29. === |
− | **Lecture:
| + | *CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [[http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-637.html Paper]] |
− | ***Attacking Anonymity Systems (Lexi Pimenidis)
| |
− | ***Sniffing, Spoofing (ThorstenHolz) [[http://www.mmweg.rwth-aachen.de/~thorsten.holz/summerschool/ slides here]]
| |
− | **Lab:
| |
− | ** Coffee Table Talk: Secure Software (Paul Boehm)
| |
− | **CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [[http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-637.html Paper]]
| |
− | **Evening: Party (Felix Freiling)
| |
| | | |
| === Fri 30. === | | === Fri 30. === |
Line 71: |
Line 37: |
| **** [http://www.fuckallyall.com/article1585.html Cat Schwarz Example] [http://www.snopes.com/photos/risque/kettle.asp Reflections] | | **** [http://www.fuckallyall.com/article1585.html Cat Schwarz Example] [http://www.snopes.com/photos/risque/kettle.asp Reflections] |
| **Fix loose ends | | **Fix loose ends |
| + | [[Category:Summerschools]] |