Analysis and Exploration of Vulnerabilities 2022/2023
Subject lectured to the 1st year of the Masters in Cybersecurity, providing a view over the issue of vulnerability management, it’s assessment, impact, and then exploration.
This edition will be lectured by professor João Paulo Barraca (email: jpbarraca@ua.pt). Teaching staff will be available by email and MS Teams, especially during the allocated tutoring slots. The use of the MS Teams platform for direct communication is highly recommended. Official course information will be available in this page, while grades will be available through Elearning.
Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in both English and Portuguese.
Prospecting students should be aware that this subject some knowledge and comprehension of several topics in the areas of networking, software and operating systems, such as: the Python/C/PHP, Linux console usage (mostly Debian), virtual machines, sockets, HTTP and HTML technologies, mobile applications. Although lacking specific knowledge is not critical, the contents will expect you to have some base knowledge on those topics.
Important Dates
-
T1: November 11th
-
T2 and E1: January 16th, 10AM
-
ES and PS: January 31st, 10AM
-
EE and PE: September
-
Assignment 1 - December 21st
-
Assignment 2 - December 21st
-
Assignment 3 - January 6th
Planning
According to the UA academic schedule, classes will be lectured from September 23rd, until January 6th. The subject is composed by a 3 hours of theoretical lectures, and 1 hour of tutoring, making a total of 4 hours per week of contact hours. It is expected that students spend an additional 2-3 hours per week exploring the concepts presented during the lectures, preparing projects and assignments. It is also expected them to make use of the tutoring times if they have questions or require some assistance. Theoretical classes will present key aspects related with vulnerability management, vulnerability assessment, relevant vulnerabilities in current service architectures (mostly web or REST based), lower level aspects related with stacks, heaps and other vulnerabilities, and then mobile applications.
The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.
# | Date | Topic |
---|---|---|
1 | Sep 23 | Course Guidelines, Vulnerabilities |
2 | Sep 30 | Information Leakage |
3 | Oct 07 | Vulnerability Assessment |
4 | Oct 14 | Injection Vulnerabilities: SQLi |
5 | Oct 21 | Injection Vulnerabilities: OS Injection |
6 | Oct 28 | Broken Authentication |
9 | Nov 04 | XSS - Cross Site Scripting |
8 | Nov 11 | Theoretical Test, XSS - Cross Site Scripting |
9 | Nov 18 | Lower level buffer manipulation (Stack) |
10 | Nov 25 | Lower level buffer manipulation (Heap) |
11 | Dec 02 | Lower level buffer manipulation (Print Formats, ROP) |
12 | Dec 09 | Mobile Vulnerabilities |
13 | Dec 16 | Concurrency |
14 | Jan 06 | Defense of Assignment 3 |
Software
- Bettercap: The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
- Wireshark: The most popular packet sniffer application.
- WebGoat: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
- Kali Linux: A popular Penetration Testing Distribution.
- John the Ripper: A password Cracker.
- Hashcat: Advanced Password Recovery tool, especially tailored at OpenCL.
- nmap: Probably the most famous port scanner and recognaissance tool.
- Burp Suite: Vulnerability assessment tool
- OWASP ZAP: OWASP Zed Attack Proxy is a vulnerability assessment tool, similar to Burp, but open source.
- GDB: GDB: The GBU Project Debugger
Websites
- OWASP Top 10: OWASP Top 10 vulnerabilities
- GameOfHacks: Identify common programming errors that lead to security issues.
- Bruce Schneier Blog: A very interesting blog dedicate to security and cryptography.
- Reddit NetSec
- NetSecStudents
- CVE Details
- Hack The Box
- Try Hack Me
- CTFTime
Books
- Security in Computing, Fourth Edition
- Security Engineering, Third Edition
- Reddit NetSec Books Galore
- Certified Ethical Hacker (CEH) Preparation Guide
- Hands-On Bug Hunting for Penetration Testers
- The Complete Ethical Hacking Course
- Violent Python
- [Web Security: Common Vulnerabilities and Their Mitigation]
- The Hacker Playbook 2: Practical Guide To Penetration Testing