Advanced Internet Security/ATSec

Advanced Topics in Security (Institute Eurecom)
183.222 Advanced Internet Security (2.0) (TU Wien)
(also known as Internet Security 2)

Lecturers

Christian Platzer, Paolo Milani and Clemens Kolbitsch.
We are also proud to welcome Thorsten Holz as our guest lecturer this year .

For correspondence, send a mail to inetsec@iseclab.org

Tutors

Markus "Hex Cypher" Kammerstetter (InetSec 2 Master Guru)

News

  1. 11.01.2010 Written exam has been announced. It will be on 25.01.2010, 15:00, in the Radinger Saal (same place as the lecture). Please arrive on time.
  2. 14.12.2009 Challenge8 Deadline extended to 11.1.2010. Merry Christmas!
  3. 14.12.2009 Challenge8 is online!
  4. 30.11.2009 Challenge7 is online! PDF is secure, right ?
  5. 23.11.2009 Challenge6 is online! Let's fuzz !
  6. 16.11.2009 Challenge5 is online!
  7. 09.11.2009 Challenge4 is online! Happy windowzzz coding :-)
  8. 26.10.2009 Challenge3 is online!
  9. 19.10.2009 Challenge2 is online! Happy stack smashing ;)
  10. 13.10.2009 We just noticed that the Challenge1 deadline was incorrect on the description page. The correct deadline is - as announced on TUWIS and in the lecture - October 19th (3 pm).
  11. 12.10.2009 Challenge1 is online! Happy shell mangling :-)
  12. 01.10.2009 The Introduction (Vorbesprechung) to the course will be in FH Hoersaal 2, 10:45-12:30 on 06.10.2009.
  13. 01.10.2009 The web page has been updated with the necessary organizational information. There is an introductory meeting (Vorbesprechung) on Tuesday, 6th of October, 10:45, in FH HS 2. At this meeting, the course and the prerequisites will be described. Further, a brief introduction will be given to the organization of the course this year. If you cannot attend this meeting, then please check this site. All information that you need to register and complete the course will be on this page. The assigments will be online on these pages as usual.

Abstract

Advanced Internet Security (i.e., InetSec 2) serves as a continuation for the class Internet Security. The idea is to present problems in more detail and allow students to apply their knowledge in practical exercises. Because the class will feature a number of programming exercises, students are required to have considerable programming experience. The lecture deals with common programming mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows. As part of the class, students can participate in an inter-university "capture-the-flag" hacking contest in which they can prove their knowledge of security and system management by competing with their peers.

Topics

  • Operating system security and vulnerabilities (UNIX, Windows, stack and heap overflows)
  • Windows Security
  • Buffer Overflows (including Heap overflow)
  • Fuzzing
  • Reverse engineering and binary analysis
  • Viruses and worms
  • Underground economy

Prerequisites

  • Time! ;-) == You will be programming every week or so!
  • good programming/developing skills (C - x86 assembler advantageous)
  • Internet Security VU
  • Experience with Linux and Windows

Assignments

There are a set of "challenges" that the students are required to solve. These challenges are security-related programming assignments (e.g., buffer overflows, application cracking, virus coding, etc.).

The challenges will be announced on a regular basis, most of them following the content of the lectures.

Location, Dates and Times

06.10.2009 10:45-12:30, Introduction and Organization in FH HS 2

Regular lectures: Starting on Monday, 12.10.2009 in Radinger Hoersaal, Getreidemarkt 2 (Near the Audimax), 15:00 to 16:30.

Slides

06.10.2009, Introduction slides
12.10.2009, Unix security slides
19.10.2009, Memory corruption slides
09.11.2009, Windows Security 1 slides
16.11.2009, Windows Security 2 slides (including Lockdown rules)
23.11.2009, Race Conditions slides
30.11.2009, Reverse Engineering slides
07.12.2009, Web security 3 slides
14.12.2009, Malware 1 slides
11.01.2010, Malware 2 (botnets) slides

Examination

There will be an exam at the end of the course, in January.

Registration

The InetSec 2 registration is closed.
Last Modified: Fri Jan 22 11:11:42 CET 2010


International Secure Systems Lab www.iseclab.org