Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
..
Failed to load latest commit information.
README.md

README.md

Summer Hack Night 2013 Curriculum

We're going to refer to each section of the Hack Night curriculum as a "week" because that's how we have it structured, however each topic won't necessary last a week.

Logistics information is available here.

Week 0: Background

Just some basics here. Watch the PicoCTF videos. Read a bit of the textbook chapter until you get bored. The Security Principles and the Secure Coding Principles are highly recommended, try to understand these as well as you can. If these principles don't make sense now, they'll become clearer throughout the summer. If reverse engineering and low level programming excite you, we recommend you watch as much of The Hardware/Software Interface class as you can, so you're ready to go when we hit week 6.

Homework

Your homework for week 0 is this PicoCTF challenge, Python Eval 1. Feel free to check some other easier challenges from PicoCTF as well. Remember to use the IRC channel for questions/support.

Week 1: Introduction

An introduction to Hack Night. A little bit about vulnerability disclosure, and a little bit about ethics. Two videos about what you'll learn over the summer, and how it all fits together. The most important part of week 1 is checking out all our resources and trying to determine what you want to take away from this program. What topics you want to focus on, what projects you want to work on, what you want to learn, what skills you want to master.

Homework

Your homework for week 1 is to pick a project and a research topic. This is the same task we typically give to students who are graduating from Hack Night, so if you're unsure, it's okay! Ask a mentor in IRC for help. We recommend you look for bugs in software, also known as vulnerability research.

If you cannot find a project that immediately captures your interest, just go through the list and keep it in the back of your mind while continuing the through the Hack Night curriculum.

Week 2: Source Code Analysis

This is an introduction to Source Code Analysis. Watch all three lectures and check out the resources. If you aren't familiar with C or PHP, you can learn them from resources here. Don't spend too much time learning the language, just enough so you can understand the lecture.

Homework

Try to find bugs in all three workshop materials. Find three bugs in each assignment, then move on. If you need any help, ask a mentor.

Week 3: Web Security

This is an introduction to web security. Watch both lectures. It helps to be familiar with web technologies, but isn't required.

Homework

Audit all three web applications. Find three bugs in each web application, then move on. If you need any help or have any questions, ask a mentor.

Week 4: Reverse Engineering

During the regular semester we have 4 weeks dedicated to Reverse Engineering, however we will not be using all the materials during the summer. Watch the three lecture videos, and then continue onto the homework. If you particularly enjoy this topic, you can watch Xeno's lectures too and do more of the workshops from the regular curriculum.

Homework

The homework for Reverse Engineering is to solve the first two stages of the CMU Bomb Lab. Use IDA Pro and gdb to try and solve the first two phases.

Week 5: Exploitation

Watch the video, and read about the history of Exploitation.

Homework

Write a fully functioning exploit for demo.exe (Password: infected) using the video. We have prepared two VMs, one with the vulnerable application and another from which you will launch your exploit. These Virtual Machines are for NYU Poly Hack Night use ONLY.

Week 6: Post-Exploitation

Watch the video, and read about Stuxnet.

Homework

Complete the workshop, using the same VMs. These Virtual Machines are for NYU Poly Hack Night use ONLY.

Week 7: Fuzzing

Watch the video, and read about smart fuzzing. If this interests you, consider reading more about Program Analysis.

Homework

Use fuzz.py to fuzz mplayer or VLC, until you have one crash.

Final Project

In week 1 you started to think about a project. At this point, you should have one in mind. Get approval from a mentor and start your final project. Remember to keep us updated on your progress.