October 27, 2016

Tying All The Things Together

This final lecture presents the course review, a survey of recent trends in cybersecurity and malware, effective strategies and guidelines for Security Operations Centers (SOC), and the final exam review.

[ Slides ]

Interested in having your homework graded? Contact us to learn about grading options. The release schedule for this course is available here.

October 17, 2016

DFIR / Volatility

This lecture on Digital Forensics and Incident Response (DFIR) covers the following topics: Indicators of Compromise (IOC), building a DFIR team, effective strategies and actions during incident response, and recommended tools. The second part offers a demonstration of Volatility, IDA Pro, and YARA for digital forensics and malware analysis.

[ Slides ]


October 14, 2016

Social Engineering and Physical Security

This lecture offers a new spin on social engineering, also known as "hacking in meat space", by starting with fundamental psychological flaws in the human brain and discussing how they can be exploited. The second part of this lecture covers physical security, with illustrative animations of how locks and lockpicking work. Defenses against lockpicking are discussed. Finally, the third part of this lecture discusses various techniques attackers can use against your systems once they have physical access. This includes hacking over power lines (physical access to just power sockets), USB/PS2/LAN commercial tools, and hacking the networks of building automation control systems.

[ Slides ]


October 5, 2016

Exploitation 107

This lecture is the final exploit development lecture for the course. In it we touch on a few final topics for format string exploitation and heap sprays. We additionally cover clang, its exploit mitigations, and a novel exploit mitigation bypass technique for clang's "safe-stack". We finally cover EMET, grsecurity and PaX, KERNHEAP, and SELinux in depth. Last and most importantly, we demonstrate the necessity of compiling and hardening your own Linux systems from source code, as default binary distros are released without many of the simplest exploit mitigations.

[ Slides ] [ Homework ]
