CPTR 444/544 Offensive Security

This page provides hints, insights and direction for the cross listed class in Offensive Security. As a graduate class I am not interested in just teaching you how to use tools to exploit systems. I also want you to be able to research new methods to exploit and protect systems. Consequently you will find a balance between learning about tools and known techniques and pushing the boundary to extend those techniques and create new tools for exploits and defense. Because of this, research is a big part of the graduate class. As we look at existing tools, we'll discuss what it does, how it works, and how to extend the functionality and research possibilities related to what we are learning.

https://images-ext-1.discordapp.net/external/92E0ySO0WvM8_OJJCZhqcBK1ss899tLWoUNBLs43HH8/https/imgs.xkcd.com/comics/voting_software.png

/NotesForNextClass

Weekly Routine

  1. Current Events Discussion / Research presentations (Keep it short!)
  2. Retrospective on previous assignment/work.
  3. Discuss/Lecture/Demonstrations of Upcoming Chapter(s)
  4. Discuss upcoming assignment.

Current Events

All students are required to present the following:

Resources

Graduate Research Assignment

Graduate students must write two papers and present research reviews each week.

Presenting Research Reviews of Peer-Reviewed Papers

Each week I would like graduate students to present a summary of a peer reviewed conference paper from an ACM/IEEE/Springer conference (You may also use other notable security conferences). Most topics are your choice, but you should pick papers related to your chosen topic to write on (see next). These should only be 10 minutes max including discussion. One presentation must introduce a new attack or attack technique. One presentation must deal with privacy issues inside the US. The other papers are up to you. You may choose to do the required topics during any regular class, however I recommend that you do them near the beginning.

Writing your own Research Paper

Graduate students must write two papers:

  1. Your first paper should be a survey paper that analyzes current and historically significant research of your particular topic and makes recommendations about use.
  2. Your second paper should be an implementation of a previously unimplemented idea or extension/application of some area you found interesting in your first paper.

Ideas:

Homework Assignments

Homework assignments are given on https://eclass.e.southern.edu

Common Vocabulary and Acronyms

Vulnerability Databases

Using VirtualBox for Kali Linux

I use VirtualBox to run Kali Linux on my windows machine. You can use something else if you like, but I may not be able to help you.

When setting up the Network for my Kali machine, I want to have a network that looks something like this:

          Internet 
             |
         Nat-Adapter
             |
 ---------------------------
 |                         |
Kali                   Metasploit

But that setup doesn't provide an easy way to connect to your Kali machine (or any other machine on the network) via ssh or rdp. Consequently, I'd recommend adding a second Adapter to each of your machines that is a "Host only network." That way your machines can talk to the internet (but the internet can't connect directly to them), AND you can connect directly to them from your host machine. (See https://www.virtualbox.org/manual/ch06.html)

          Internet 
             |
         Nat-Adapter
             |
 ---------------------------
 |                         |
Kali                   Metasploit
 |                         
 -------------
             |
       Host Only Adapter             

Note that I did not connect an additional host adapter to Metasploit, because I can get to it from Kali.

OffensiveSecurity (last edited 2024-09-01 19:18:00 by scot)