Summer Hack Night 2013 Curriculum
We're going to refer to each section of the Hack Night curriculum as a "week" because that's how we have it structured, however each topic won't necessary last a week.
Just some basics here. Watch the PicoCTF videos. Read a bit of the textbook chapter until you get bored. The Security Principles and the Secure Coding Principles are highly recommended, try to understand these as well as you can. If these principles don't make sense now, they'll become clearer throughout the summer. If reverse engineering and low level programming excite you, we recommend you watch as much of The Hardware/Software Interface class as you can, so you're ready to go when we hit week 6.
Your homework for week 0 is this PicoCTF challenge, Python Eval 1. Feel free to check some other easier challenges from PicoCTF as well. Remember to use the IRC channel for questions/support.
An introduction to Hack Night. A little bit about vulnerability disclosure, and a little bit about ethics. Two videos about what you'll learn over the summer, and how it all fits together. The most important part of week 1 is checking out all our resources and trying to determine what you want to take away from this program. What topics you want to focus on, what projects you want to work on, what you want to learn, what skills you want to master.
Your homework for week 1 is to pick a project and a research topic. This is the same task we typically give to students who are graduating from Hack Night, so if you're unsure, it's okay! Ask a mentor in IRC for help. We recommend you look for bugs in software, also known as vulnerability research.
If you cannot find a project that immediately captures your interest, just go through the list and keep it in the back of your mind while continuing the through the Hack Night curriculum.
This is an introduction to Source Code Analysis. Watch all three lectures and check out the resources. If you aren't familiar with C or PHP, you can learn them from resources here. Don't spend too much time learning the language, just enough so you can understand the lecture.
Try to find bugs in all three workshop materials. Find three bugs in each assignment, then move on. If you need any help, ask a mentor.
This is an introduction to web security. Watch both lectures. It helps to be familiar with web technologies, but isn't required.
Audit all three web applications. Find three bugs in each web application, then move on. If you need any help or have any questions, ask a mentor.
During the regular semester we have 4 weeks dedicated to Reverse Engineering, however we will not be using all the materials during the summer. Watch the three lecture videos, and then continue onto the homework. If you particularly enjoy this topic, you can watch Xeno's lectures too and do more of the workshops from the regular curriculum.
Watch the video, and read about the history of Exploitation.
Write a fully functioning exploit for demo.exe (Password: infected) using the video. We have prepared two VMs, one with the vulnerable application and another from which you will launch your exploit. These Virtual Machines are for NYU Poly Hack Night use ONLY.
Watch the video, and read about Stuxnet.
Complete the workshop, using the same VMs. These Virtual Machines are for NYU Poly Hack Night use ONLY.
Use fuzz.py to fuzz mplayer or VLC, until you have one crash.
In week 1 you started to think about a project. At this point, you should have one in mind. Get approval from a mentor and start your final project. Remember to keep us updated on your progress.