Difference between revisions of "Summerschool Aachen 2005/Challenges"

From C4 Wiki
Jump to: navigation, search
m (Reverted edits by Oxudocopaj (talk) to last revision by 134.130.246.232)
 
(14 intermediate revisions by 10 users not shown)
Line 1: Line 1:
* Daniel & Yves - glibc 2.3.5 look at how to exploit heap-based overflows (avoiding the checks)
 
* Typo & Ilja - 0wn putty
 
** Update: We found some exploitable bugs. --[[User:Typo|Typo]] 18:10, 20 Sep 2005 (CEST)
 
* Christian feat. Max - verBOTen - a bot that mirrors only that stuff that is protected by robots.txt
 
* Max: Exif_Thumb finish last years project - '''done''' see [http://lufgi4.informatik.rwth-aachen.de/projects/hiddendata/show]
 
 
 
== Open Challenges ==
 
== Open Challenges ==
  
 +
*[http://ilja.netric.org/chall/ formatstringbug and race condition challanges (more challanges on the way)]
 
*extend p0f to fingerrprint ScaPy (default) packets
 
*extend p0f to fingerrprint ScaPy (default) packets
 
*find a way to fingerprint  
 
*find a way to fingerprint  
Line 17: Line 12:
 
*Build a minimal DHCP Server on ScaPy
 
*Build a minimal DHCP Server on ScaPy
 
*Build an Fingerprinting Tool for
 
*Build an Fingerprinting Tool for
** dhcp
+
** dhcp
 
** rsync
 
** rsync
 
** ssh
 
** ssh
** ssl
 
 
* Look into timing/fingerprinting SSH
 
* Look into timing/fingerprinting SSH
 
** (avoidance)
 
** (avoidance)
 +
* Write a chapter for [[/TheBook]]
 +
 +
== Challenges in Progress ==
 +
 +
* Daniel & Yves - glibc 2.3.5 look at how to exploit heap-based overflows (avoiding the checks)
 +
* Typo & Ilja - 0wn putty
 +
** Update: We found some exploitable bugs. --[[User:Typo|Typo]] 18:10, 20 Sep 2005 (CEST)
 +
* Max feat. Christian: [[/SSL fingerprinting]]
 +
* Chris - Fake driver to replace Apple's IOI2CMotionSensor for further reverse engineering of the motion sensor driver
 +
* Lorenzo
 +
** Pick Ilja's challenges up (didn't look at labsession.pdf yet; it should contain more challenges)
 +
** Just started a glibc function fuzzer (even if I guess it will take long time, tho :-)
 +
** "Genetic exploit" [to try] to fight against real address space layout randomization. Is it feasible/worth working on? I don't know yet :-) (I'm just starting to think about it; lot of hypotheses and scenario. main issues: fitness function, little knowledge about genetic algorithms :-\)
 +
* Emin
 +
** A Bluetooth-device scanner based on ScaPy
 +
 +
== Finished Challanges ==
 +
 +
* Max: Exif_Thumb finish last years project - '''done''' see [http://lufgi4.informatik.rwth-aachen.de/projects/hiddendata/show] [http://lufgi4.informatik.rwth-aachen.de/news/show/demonstration-of-jpeg-exif-thumbnail-information-disclosure-available]
 +
* Max: RSS fuzzer - '''done''' see http://blogs.23.nu/disLEXia/stories/9928/
 +
* Christian feat. Max - [http://lufgi4.informatik.rwth-aachen.de/projects/robots verBOTen] - a bot that mirrors only that stuff that is protected by robots.txt see also [http://blogs.23.nu/disLEXia/stories/9963/]
 +
[[Category:Summerschools]]

Latest revision as of 17:36, 24 November 2010

Open Challenges

Challenges in Progress

  • Daniel & Yves - glibc 2.3.5 look at how to exploit heap-based overflows (avoiding the checks)
  • Typo & Ilja - 0wn putty
    • Update: We found some exploitable bugs. --Typo 18:10, 20 Sep 2005 (CEST)
  • Max feat. Christian: /SSL fingerprinting
  • Chris - Fake driver to replace Apple's IOI2CMotionSensor for further reverse engineering of the motion sensor driver
  • Lorenzo
    • Pick Ilja's challenges up (didn't look at labsession.pdf yet; it should contain more challenges)
    • Just started a glibc function fuzzer (even if I guess it will take long time, tho :-)
    • "Genetic exploit" [to try] to fight against real address space layout randomization. Is it feasible/worth working on? I don't know yet :-) (I'm just starting to think about it; lot of hypotheses and scenario. main issues: fitness function, little knowledge about genetic algorithms :-\)
  • Emin
    • A Bluetooth-device scanner based on ScaPy

Finished Challanges