PAC Seminar 2018
Program Analysis for Cybersecurity 2018 Seminar Materials
Test competition image: test.vulnerablevideoservice.com
Day 1 (Binary Exploitation)
- Introduction Lecture and Introduction Lecture Notes
- Exploit Development Lecture and Exploit Development Lecture Notes
- Hacking Live Virtual Machine Login
- Kali Virtual Machine Login
- Windows XP Victim
- Windows XP ISO
Day 2 (Web Security)
- Competition Team Survey (please complete by Tuesday afternoon)
- Post Exploitation Lecture and Post Exploitation Lecture Notes
- Web Security Lecture and Web Security Lecture Notes
- PACSeminar2018 VM Login
Day 3 (Program Analysis)
- Program Analysis Lecture and Program Analysis Lecture Notes
- Voicemail Hacking Demo
- Windows7 Analysis VM Login
- Reuse VM from Day 2 (PACSeminar2018 VM Login
Day 4 (Bug Hunting + Competition Overview)
- Bug Hunting Lecture and Bug Hunting Lecture Notes
- Submit competition morning report by 10AM on Friday at: https://goo.gl/forms/LCMdlFjOQ4zAQP8g2.
- Competition login instructions: CompetitionLogin.md (Note: SSH Keys will be emailed directly to teams after lecture)
- Talk on Log Analysis
Day 5 (Competition!)
Competition begins officially at 10am in Lab 4. You can come earlier to work and instructor will arrive at 9:30am. At 10am the following domains (see Competiton Targets) will be available for attack by all teams. The competition will run for 3 hours until 1pm.
Please do not do destructive attacks until 12pm (noon). For example do not drop databases, ban all users, or perform denial of service attacks. During the first two hours focus on stealthy attacks such as gaining more access. At 12pm noon it is "weapons free" and you may attack in any manner you want until the end of the competition.
At 1:15pm your afternoon report will be due detailing any new vulnerabilities you have found and the attacks you have attempted or successfully performed. Submit afternoon report here: https://goo.gl/forms/zK3gcWgdGmYkiadK2.
After lunch the competition winners will be announced and an informal debrief session will follow where teams can discuss their experiences.
If your team has been hacked completely and would like to reset the server they can do so for a score penalty. They will then have 30 minutes of safe time to restore the services. Do this only as a last resort.
Teams should maintain the basic functionality of the web service. Consider that you are a business and still want to have customers that use the service. If you remove or disable services, then you will lose some points due to "team spirit" as the discretion of the instructor.
ALL TEAMS MUST HAVE FUN!