Program Analysis for Cybersecurity 2018 Seminar Materials
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

README.md

PAC Seminar 2018

Program Analysis for Cybersecurity 2018 Seminar Materials

Test competition image: test.vulnerablevideoservice.com

Materials

Day 1 (Binary Exploitation)

Day 2 (Web Security)

Day 3 (Program Analysis)

Day 4 (Bug Hunting + Competition Overview)

Day 5 (Competition!)

  • Competition begins officially at 10am in Lab 4. You can come earlier to work and instructor will arrive at 9:30am. At 10am the following domains (see Competiton Targets) will be available for attack by all teams. The competition will run for 3 hours until 1pm.

  • Please do not do destructive attacks until 12pm (noon). For example do not drop databases, ban all users, or perform denial of service attacks. During the first two hours focus on stealthy attacks such as gaining more access. At 12pm noon it is "weapons free" and you may attack in any manner you want until the end of the competition.

  • At 1:15pm your afternoon report will be due detailing any new vulnerabilities you have found and the attacks you have attempted or successfully performed. Submit afternoon report here: https://goo.gl/forms/zK3gcWgdGmYkiadK2.

  • After lunch the competition winners will be announced and an informal debrief session will follow where teams can discuss their experiences.

Competition Targets

Competition Rules

  • If your team has been hacked completely and would like to reset the server they can do so for a score penalty. They will then have 30 minutes of safe time to restore the services. Do this only as a last resort.

  • Teams should maintain the basic functionality of the web service. Consider that you are a business and still want to have customers that use the service. If you remove or disable services, then you will lose some points due to "team spirit" as the discretion of the instructor.

  • ALL TEAMS MUST HAVE FUN!