Instructor:

Prof. Ying-Dar Lin (ydlin@cs.nctu.edu.tw)

TA:

Tuan (minhtuanthaivn@gmail.com)

汪建廷 (ctwang@cs.nctu.edu.tw)

Ricardo Pontaza (pontaza.ricardo@gmail.com)

張敬昊 (frankchang.cs04g@g2.nctu.edu.tw)

Introduction to Computer Security, Spring 2017

syllabus download

TextBook:

Stuart McClure, Joel Scambray, George Kurtz, "Hacking Exposed 7: Network Security Secrets & Solutions," McGraw-Hill, July 2012.

Reference:

1. Ying-Dar Lin, Ren-Hung Hwang, Fred Baker, “Computer Networks: An Open Source Approach,” Chapter 8 Network Security, McGraw-Hill, Feb 2011.

2. William Stallings, “Cryptography and Network Security, 6th edition,” Prentice Hall, March 2013.

Previous Course Page:

15spring

16spring

Slides:

Chapter 8 (from the reference book)

Chapter1

Chapter2

Chapter3

Chapter4

Chapter5

Chapter6

Chapter7

Chapter8

Chapter9

Chapter10

Chapter11

Chapter12

Scores:

2017/06/05 Final exam

Time: 6/12 (Mon) 10:10AM-12:00NN
Coverage: ch6-ch12
Form: open book but no electronic device (only printed materials, no sharing).

2017/05/10 Homework 5

Due: 5/24 (Wed) uploaded to NCTU E3 (https://dcpc.nctu.edu.tw/) (format: problem, solution with explanation, screen dumps)

  1. (30 points) Google Dork
    1. Use a Google dork to find a target that can be injected.
    2. Explain why this target can be injected.
    3. Explain how to avoid it.
  2. (30 points) Havij
    1. Install Havij.
    2. Explain how to use this tool.
    3. Use Havij to crack a database.
  3. (60 points) SQL injection
    1. Try to use SQL injection to crack a web application.
    2. Explain why this web application can be cracked.
    3. Explain how to avoid it.
  4. (30 points) Burp Suite
    1. Install Burp Suite.
    2. Explain how to use this tool.
    3. Use Burp Suite to scan a target. What kind of information can you get?
  5. (40 points) Browser plug-in
    1. Introduce a browser plug-in for Chrome or Firefox that can be used for web application hacking.
    2. Explain how to use this tool, and show your results.
  6. Bonus (40 points) Use XerXes to perform a DoS attack.

2017/05/01 Homework 4

Due: 5/15 (Mon) uploaded to NCTU E3 (https://dcpc.nctu.edu.tw/) (format: problem, solution with explanation, screen dumps)

  1. (30 points) Use all of WHOIS, Robtex, and PhishTank to trace back a phishing email found in your mailbox. If you don’t find one, create an email account and post the email address on the Web to solicit some. Show and discuss your findings.
  2. (30 points) On Windows with some running processes connecting to the Internet, use FTK Imager to dump memory and then Volatility Framework to analyze the memory dump. Show processes with connections, and check whether they have DLLs.
  3. (30 points) Retrieve Poison Ivy RAT from the Internet. Use a program tracing tool you are familiar with to trace this RAT. Show how you trace the RAT with your tracing tool and summarize what modules this RAT contains.
  4. (30 points) Set up your own client and an AP, or find an existing AP, running no encryption. Use Wireshark or airodump-ng to sniff and decode data frames. Show and discuss your findings.
  5. (50 points) Set up your own client and an AP to run WEP. Use the aircrack-ng suite to crack the WEP key by running through the steps of frame capturing, fake authentication attack, ARP replay attack, and key cracking. Show and discuss the steps you run through.

2017/04/12 Homework 3

Due: 4/24 (Mon) uploaded to NCTU E3 (https://dcpc.nctu.edu.tw/) (format: problem, solution with explanation, screen dumps)

  1. (60 points) Use Cain to crack passwords on “your” Windows system with the following three different methods supported by Cain.
    1. Brute-force cracking
    2. Dictionary cracking
    3. Rainbow cracking
  2. (30 points) Use John the Ripper (JTR) to crack passwords on “your” Linux system.
  3. (40 points) Use Metasploit to exploit a known vulnerability on a server of your choice and on a browser of your choice, respectively.
  4. (20 points) After you gain access to a target host, show how you could install a backdoor program and make it accessible with netcat. You can listen on your host and wait for the backdoor to connect back.
  5. (20 points) Compare the vulnerability information that you can collect from three sources: Bugtraq, Open Source Vulnerability Database, and Common Vulnerabilities and Exposures Database. Draw a table to compare them on several features.
  6. (20 points) Use find to search the SUID, SGID, and world-writable files on your Linux system.
  7. (20 points) Use Logclean-ng to clean the logs created during one login session on your Linux system.

2017/04/06 Midterm

Time: 4/17 (Mon) 10:10AM-12:00NN
Coverage: ch8 (in the reference book), ch1-5 (in the textbook)
Form: open book but no electronic device (only printed materials, no sharing).

2017/03/20 Homework 2

Due: 4/07 (Fri) uploaded to NCTU E3 (https://dcpc.nctu.edu.tw/) (format: problem, solution with explanation, screen dumps)

  1. (50 points) Select a target domain and use Nmap for the following tasks.
    1. host discovery on the selected domain,
    2. port scanning on a selected host,
    3. active stack fingerprinting on the selected host,
    4. version scanning on a selected port,
    5. vulnerability scanning on the selected port.
  2. (20 points) List and compare nmap-os-fingerprints used in Nmap and osprints.conf used in Siphon. Discuss how and why they differ.
  3. (20 points) List and compare nmap-services and nmap-service-probes. Discuss how and why they differ.
  4. (10 points) On a UNIX/Linux host, list /etc/inetd.conf. Discuss what services are being offered.
  5. (30 points) Select a target domain, run Metasploit with Nmap scans, and import the Nmap results into the database. Show the hosts found and the available ports.
  6. (30 points) Select a website to do banner grabbing with telnet, netcat, and grendel-scan, respectively. Show and compare their results.
  7. (20 points) Select a target domain to do automatic DNS enumeration by dnsenum to find subdomains, servers, and their IP addresses.

2017/03/13 Homework 1

Due: 3/22 (Wed) uploaded to NCTU E3 (https://dcpc.nctu.edu.tw/) (format: problem, solution with explanation, screen dumps)

  1. (20 points) Select a web site.
    1. Use "Wget" or "Teleport Pro" to mirror the site. Look for comments within comment tags. Give screen dumps and explain what you found.
    2. Use "DirBuster" with a proxy feature through "privoxy" to enumerate hidden files and directories. Screen dump and explain the hidden files and directories you found.
  2. (20 points) Look up "How I met your girlfriend" in the BlackHat 2010 demo to explain, in 0.5 page, how this was done.
  3. (20 points) Select a person. Use on-line sites for phone book, social network, information, job, photo management, business directory, jigsaw.com, etc. to summarize, with screen dumps and explanations, what information you can get. If your target is not in the US or is not a native English speaker, you might need to use on-line sites different from those in the textbook.
  4. (20 points) Google "XYZ resume firewall" and "XYZ resume intrusion detection" where "XYZ" is the name of your target company. Screen dump "useful" results and explain what you got.
  5. (20 points) Look up Archive.org and Google cached results, and select a target web site. Compare the differences between an archived and a cached copy and its current on-line web site. Give screen dumps and explain the differences.
  6. (20 points) Find Google Hacking Database at hackersforcharity.org/ghdb/. Summarize what it has and select 3 strings to search. Screen dump and explain what you got.
  7. (20 points) Select a web site. Start from whois.iana.org to find its registry, registrar, and registrant. Also select an IP address. Start from arin.net to find who owns the IP address. Show your screen dump and explain.
  8. (20 points) Select a domain name. Use nslookup to dump its DNS records. Show your screen dump and explain.
  9. (20 points) Select a domain name. Use traceroute or similar tools to find the access path to that domain. Show your screen dump and explain.
  10. (bonus: 40 points) Follow the case study right before chapter 1. Select one target and run through all tools (Tor, Vidalia, Privoxy, tor-resolve, proxychains, Nmap, socat, nc). Screen dump the process and explain what you got in your screen.

2017/02/24

No class on March 1 (Wed).

2017/02/24

Quiz #1 on March 6 (Mon), covering ch8 in the reference book. Future quizzes will not be announced.

2017/02/17

No class this Saturday (02/18).