Difference between revisions of "Summerschool Aachen 2005/Schedule"

From C4 Wiki
Jump to: navigation, search
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
cogetdomta
 
'''Warning:''' The schedule is somewhat messed up. It needs to be synced with the 'official' schedule.
 
'''Warning:''' The schedule is somewhat messed up. It needs to be synced with the 'official' schedule.
  
 
==Course Schedule==
 
==Course Schedule==
  
=== Mon 19. ===
+
 
**Lecture:
+
 
***Introduction (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-19/SummmerschoolIntro.pdf PDF]
+
 
***Hardware Security (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-19/HardwareHackingAndAttacking.pdf PDF]
+
 
**Lab: Get Started, Wargames on the Net, Unscrew things. (Maximillian Dornseif)
 
***Coffee Table Talk: Lock Picking (Patrick Hof, Jens Liebchen)
 
=== Tue 20. ===
 
**Lecture: Stack and Heap Overflows (Christian Klein) [http://c0re.23.nu/~chris/presentations/overflow2005.pdf PDF], [http://untergrund.bewaff.net/~chris/bo/ examples]
 
**Lab: Stack and heap overflows – the basics, the techniques (Christian Klein, Ilja van Sprundel)
 
***[http://ilja.netric.org/files/labsession.pdf Ilja's Challanges]
 
***[http://community.core-sdi.com/~gera/InsecureProgramming/ Gera's Challanges]
 
***[http://www.insecure.org/stf/smashstack.txt Smashing The Stack For Fun And Profit]
 
***[http://www.enderunix.org/docs/eng/bof-eng.txt Buffer overflows demystified]
 
***[http://www.w00w00.org/files/articles/heaptut.txt w00w00 on Heap Overflows]
 
** CoffeeTableTalk: More Heap Overflows (Ilja van Sprundel) [http://md.hudora.de/presentations/summerschool/2005-09-21/vansprundel-ctt-heapoverflows.pdf PDF]
 
**Evening: Visit at the CCCCologne (Maximillian Dornseif)
 
 
=== Wed 21. ===
 
=== Wed 21. ===
**Lecture:
+
*[http://www.secdev.org/projects/scapy/ ScaPy]
***Fingerprinting (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-21/fingerprinting.pdf PDF]
+
* Tech Report 'till then: (Yves Younan & Daniel Hodson) [http://vault.fort-knox.org/~yyounan/techreport-summerschool.pdf PDF]
***[http://www.secdev.org/projects/scapy/ ScaPy] (Philippe Biondi) [http://static.23.nu/md/Pictures/scapy-Aachen.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/bondy-scapy-2005-09-21.mov MOV]
 
**Lab: Play with ScaPy, scanning the net (Philippe Biondi, Maximillian Dornseif)
 
**Coffee Table Talk: HeapOverflow Protection (Yves Younan) [http://vault.fort-knox.org/~yyounan/dnmalloc-summerschool.pdf PDF]
 
** Tech Report 'till then: (Yves Younan & Daniel Hodson) [http://vault.fort-knox.org/~yyounan/techreport-summerschool.pdf PDF]
 
 
 
=== Thu 22. ===
 
**Lecture: Formatstring bugs [http://ilja.netric.org/files/The%20dangers%20of%20formatstring%20bugs.pdf PDF]  [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-formatstrings-2005-09-22.mov MOV] and Race conditions [http://static.23.nu/md/Pictures/race.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-races-2005-09-22.mov MOV] (Ilja van Sprundel)
 
**Lab: Find an exploit, write an advisory
 
**Coffee Table Talk: The Game of Go (Paul Boehm) [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/boehm-go-2005-09-22.mov MOV]
 
  
 
=== Fri 23. ===
 
=== Fri 23. ===
**Lecture: Fuzzing (Ilja van Sprundel) [http://static.23.nu/md/Pictures/FUZZING.PDF PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-fuzzing-2005-09-23.mov MOV]
+
Fuzzing - [http://ieeexplore.ieee.org/iel5/8013/30742/01423963.pdf?tp=&arnumber=1423963&isnumber=30742 Paper Ilja talked about] (free on the RWTH campus)
***[http://ieeexplore.ieee.org/iel5/8013/30742/01423963.pdf?tp=&arnumber=1423963&isnumber=30742 Paper Ilja talked about] (free on the RWTH campus)
 
**Lab: Fuzz whatever you can get your hands on (Ilja van Sprundel)
 
**CoffeeTableTalk the scene (Christian Klein)
 
**Evening: Visit at the Netzladen
 
** Tech Report 'till then: Harald Vogt & NN
 
  
 
=== Mon 26. ===
 
=== Mon 26. ===
Line 44: Line 19:
 
***Forensics / hidden data in documents (Maximillian Dornseif)
 
***Forensics / hidden data in documents (Maximillian Dornseif)
 
***OracleSecurity (Alexander Konbrust) [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/kornbrust-oracle1-2005-09-26.mov MOV1] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/kornbrust-oracle2-2005-09-26.mov MOV2] [http://www.red-database-security.com/wp/IT_summerschool_Books_and_Websites.pdf Intro/pdf] [http://www.red-database-security.com/wp/google_oracle_hacking_us.pdf Google hacking Oracle] [http://www.red-database-security.com/wp/IT_summerschool_Oracle_Database_Basic_Hardening_and_Common_Exploits.pdf Hardening and Common Exploits/pdf] [http://www.red-database-security.com/wp/IT_summerschool_db_rootkits.pdf rootkits/pdf]
 
***OracleSecurity (Alexander Konbrust) [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/kornbrust-oracle1-2005-09-26.mov MOV1] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/kornbrust-oracle2-2005-09-26.mov MOV2] [http://www.red-database-security.com/wp/IT_summerschool_Books_and_Websites.pdf Intro/pdf] [http://www.red-database-security.com/wp/google_oracle_hacking_us.pdf Google hacking Oracle] [http://www.red-database-security.com/wp/IT_summerschool_Oracle_Database_Basic_Hardening_and_Common_Exploits.pdf Hardening and Common Exploits/pdf] [http://www.red-database-security.com/wp/IT_summerschool_db_rootkits.pdf rootkits/pdf]
 
 
 
**Lab: Playing with [[/Oracle]] (Alexander Konbrust & Christian Klein)
 
**Lab: Playing with [[/Oracle]] (Alexander Konbrust & Christian Klein)
 
**Coffe Table Talk: Signature Forging and PIN observation (Marek Kumpost)
 
**Coffe Table Talk: Signature Forging and PIN observation (Marek Kumpost)
Line 51: Line 24:
  
 
=== Tue 27. ===
 
=== Tue 27. ===
**Lecture: Breaking the web (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-27/WebHacking.pdf PDF] [http://lufgi4.informatik.rwth-aachen.de/movies/summerschool/dornseif-web-2005-09-27.mov MOV], [http://md.hudora.de/presentations/wehrmann-xss.pdf XSS Thesis].
+
* [http://md.hudora.de/presentations/wehrmann-xss.pdf XSS Thesis].
**Lab: Breaking the Web for real (Maximillian Dornseif) [http://md.hudora.de/presentations/summerschool/2005-09-27/WebHackLab.pdf PDF] [[/Exercises]]
+
* [[/Exercises]]
**Coffee Table Talk: Security, Science and Education (Felix Freiling), Security Visualisation (Florian Mansmann) [http://static.23.nu/md/Pictures/Visualisation.pdf PDF]
+
 
**Evening: CCCAC
 
  
=== Wed 28. ===
 
**Lecture:
 
***Malware (Christian Klein) [[http://www.uni-bonn.de/~kleinc/Virus-2005.pdf  PDF]]
 
***Botnets, Firewall traversal, distributed C&C (Thorsten Holz)
 
**CoffeeTableTalk: Breaking VPNs (Lars Völker)
 
**Lab:
 
  
 
=== Thu 29. ===
 
=== Thu 29. ===
**Lecture:
+
*CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [[http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-637.html Paper]]
***Attacking Anonymity Systems (Lexi Pimenidis)
 
***Sniffing, Spoofing (ThorstenHolz) [[http://www.mmweg.rwth-aachen.de/~thorsten.holz/summerschool/  slides here]]
 
**Lab:
 
** Coffee Table Talk: Secure Software (Paul Boehm)
 
**CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [[http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-637.html Paper]]
 
**Evening: Party (Felix Freiling)
 
  
 
=== Fri 30. ===
 
=== Fri 30. ===
 
**Lecture:
 
**Lecture:
 
*** Forensics (Maximillian Dornseif)
 
*** Forensics (Maximillian Dornseif)
 +
**** [http://www.fuckallyall.com/article1585.html Cat Schwarz Example] [http://www.snopes.com/photos/risque/kettle.asp Reflections]
 
**Fix loose ends
 
**Fix loose ends
 +
[[Category:Summerschools]]

Latest revision as of 01:04, 17 October 2007

cogetdomta Warning: The schedule is somewhat messed up. It needs to be synced with the 'official' schedule.

Course Schedule

Wed 21.

  • ScaPy
  • Tech Report 'till then: (Yves Younan & Daniel Hodson) PDF

Fri 23.

Fuzzing - Paper Ilja talked about (free on the RWTH campus)

Mon 26.

Tue 27.


Thu 29.

  • CoffeeTableTalk: the topology of covert conflict (Shishir Nagaraja) [Paper]

Fri 30.