Instructor:

Prof. Ying-Dar Lin (ydlin@cs.nctu.edu.tw)

TA:

Tuan (minhtuanthaivn@gmail.com)

汪建廷 (ctwang@cs.nctu.edu.tw)

張敬昊 (frankchang.cs04g@g2.nctu.edu.tw)

鄒永樑 (yltsou.cs04g@g2.nctu.edu.tw)

王順賢 (u10016029@go.utaipei.edu.tw)

Introduction to Computer Security, Spring 2016

syllabus download (updated, 2016/2/23)

TextBook:

Stuart McClure, Joel Scambray, George Kurtz, "Hacking Exposed 7: Network Security Secrets & Solutions," McGraw-Hill, July 2012.

Reference:

1. Ying-Dar Lin, Ren-Hung Hwang, Fred Baker, “Computer Networks: An Open Source Approach,” Chapter 8 Network Security, McGraw-Hill, Feb 2011.

2. William Stallings, “Cryptography and Network Security, 6th edition,” Prentice Hall, March 2013.

Previous Course Page:

15spring

Slides:

Chapter 8 (from the reference book)

Chapter1

Chapter2

Chapter3

Chapter4

Chapter5

Chapter6

Chapter7

Chapter8

Chapter9

Chapter10

Chapter11

Chapter12

Scores:

None

2016/06/01

Homework #6
Due: 6/13 (Mon) to e3

  1. (60 points) Android Debug Tool
    1. Install Android SDK.
    2. Connect an Android device or emulator to the host which runs DDMS in the SDK.
    3. Dump and explain contents output by logcat in DDMS.
  2. (40 points) Select an Android device or emulator (e.g. the one in Android SDK, Bluestacks, and so on) and root it. It is recommended to root an Android emulator to avoid "bricking" your phone.
  3. (20 points) Use a document management app (e.g. Root Explorer) to add/remove apk files to/from the folder “/system/app/” on a rooted Android device or emulator, and observe what happens.
  4. (20 points) Install the app AdBlock on a rooted Android device or emulator and explain how it blocks ads.
  5. (20 points) Install a root-dependent app (except AdBlock) to a rooted Android device or emulator and explain why it needs a root system.
  6. (20 points) Select one version of iOS, survey how to jailbreak it, and list the steps.

2016/05/19 Homework #5 (Ch9-10)

Due date: 6/1 (Wed) onto e3

  1. (60 points) Hacking (a game) ROM
    1. Learn how to hack a game ROM from this link http://www.nintendoage.com/forum/messageview.cfm?catid=22&threadid=19733
    2. Change 2 PLAYER GAME in the menu to 2 Your Name GAME, e.g., I changed 2 PLAYER GAME to 2 EKARAT GAME. Capture and paste your change.
    * You can download the target game ROM (Super Mario Adventure (SMB1 Hack).nes) HERE
  2. (30 points) Use your Hex editor to modify any programs you want, and tell us
    1. What is the target program?
    2. What is your modification? Show the captured screen of the result.
  3. (30 points) Havij
    1. Install Havij.
    2. Explain how to use this tool to crack a database.
  4. (30 points) Burp Suite
    1. Install Burp Suite.
    2. Explain how to use this tool.
    3. Using Burp Suite to scan a target, what kind of information can you get?

Some changes and hints for homework #4

In question #3, the official site of Poison Ivy is down. But it can still be found here => https://samsclass.info/123/proj10/p11-PI.htm

In question #5, please skip SiVuS because it is not supported anymore.

In question #7, in order to finish the required tasks, monitor mode and packet injection must be supported on your wireless adapter. Considering that most of you don't have a compatible wireless adapter, this question is changed to optional; you can skip it if you don't have the equipment. However, you'll still get points if you manage to finish it correctly.
To see whether your adapter is supported, check the compatibility list here => http://www.aircrack-ng.org/doku.php?id=compatibility_drivers
If you would like to get a compatible one, I recommend trying the ALFA AWUS036NH.

Most importantly, the due date is extended to 5/18 (Wed.)

No class on 5/23 & 5/25

No class on 5/23 & 5/25 due to a trip for a conference and an IEEE distinguished lecture tour.

2016/05/09 Homework 4

Due: 5/16 (Mon) in uploaded softcopy

  1. (30 points) Use all of WHOIS, Robtex, and PhishTank to trace back on a phishing email found in your mailbox. If you don’t find one, create one email account and post the email address onto Web to solicit some. Show and discuss your findings.
  2. (30 points) On Windows with some running processes connecting to the Internet, use FTK Imager to dump memory and then Volatility Framework to analyze the memory dump. Show processes with connections, and check whether they have DLLs.
  3. (30 points) Retrieve Poison Ivy RAT from the Internet. Use a program tracing tool you are familiar with to trace this RAT. Show how you trace the RAT with your tracing tool and summarize what modules this RAT contains.
  4. (20 points) Use Nmap, NTA Monitor, IKEProbe to identify whether a target VPN server supports Aggressive mode. Screen dump “useful” results and explain.
  5. (20 points) Use SiVuS, SIPVicious to scan a public SIP server. Screen dump “useful” results and explain.
  6. (30 points) Set up your own client and an AP, or find an existing AP, running no encryption. Use Wireshark or airodump-ng to sniff and decode data frames. Show and discuss your findings.
  7. (50 points) Set up your own client and an AP to run WEP. Use the aircrack-ng suite to crack the WEP key by running through the steps of frame capturing, fake authentication attack, ARP replay attack, and key cracking. Show and discuss the steps you run through.

2016/04/10 Homework 3 shifted to 4/20

As the title says, Homework 3 is shifted to 4/20 (Wed).

Also, some of you have reported that OSVDB, which is needed in Homework 3, has officially shut down (https://blog.osvdb.org/2016/04/05/osvdb-fin/).
Please just write about the remaining two then.

Announcements:

2016/04/07 Midterm shifted

The midterm has been shifted from 4/18 (Mon) to 4/20 (Wed), 8:00 AM ~ 9:50 AM.

If you have any time conflicts, please contact me.

2016/04/01 Homework 3 & Midterm

Midterm

Time: 4/18 (Mon) 10:10AM-12:00NN
Coverage: ch8 (in the reference book), ch1-5 (in the textbook)
Form: Open book and printed materials, but no electronic devices and no paper exchange between students


Homework #3 Ch4 & Ch5 (Total: 210)

Due: 4/18 (Mon) upload to e3
(format: problem, solution with explanation, screen dumps)

  1. (60 points) Use Cain to crack passwords on “your” Windows system with the following three different methods supported by Cain.
    1. Brute-force cracking
    2. Dictionary cracking
    3. Rainbow cracking
  2. (30 points) Use John the Ripper (JTR) to crack passwords on “your” Linux system.
  3. (40 points) Use Metasploit to exploit a known vulnerability on a server of your choice and on a browser of your choice, respectively.
  4. (20 points) After you gain access to a target host, show how you could install a backdoor program and make it accessible with netcat. You can listen on your host to wait for the backdoor to connect over.
  5. (20 points) Compare the vulnerability information that you can collect from three sources: Bugtraq, Open Source Vulnerability Database, Common Vulnerabilities and Exposures Database. Draw a table to compare them in several features.
  6. (20 points) Use find to search the SUID, SGID, and world-writable files on your Linux system.
  7. (20 points) Use Logclean-ng to clean the logs created during one login session on your Linux system.

2016/03/08 Homework 1

Due: 3/16 (Wed) in the class in printed hardcopy (format: problem, solution with explanation, screen dumps)

  1. (20 points) Select a web site.
    1. Use "Wget" or "Teleport Pro" to mirror the site. Look for comments within comment tags. Give screen dumps and explain what you found.
    2. Use "DirBuster" with a proxy feature through "privoxy" to enumerate hidden files and directories. Screen dump and explain the hidden files and directories you found.
  2. (20 points) Look up "How I met your girlfriend" in the BlackHat 2010 demo to explain, in 0.5 page, how this was done.
  3. (20 points) Select a person. Use on-line sites for phone book, social network, information, job, photo management, business directory, jigsaw.com, etc. to summarize, with screen dumps and explanations, what information you can get. If your target is not in the US or is not a native English speaker, you might need to use on-line sites different from those in the textbook.
  4. (20 points) Google "XYZ resume firewall" and "XYZ resume intrusion detection" where "XYZ" is the name of your target company. Screen dump "useful" results and explain what you got.
  5. (20 points) Look up Archive.org and Google cached results, and select a target web site. Compare the differences between an archived and cached copy and its current on-line web site. Give screen dumps and explain the differences.
  6. (20 points) Find Google Hacking Database at hackersforcharity.org/ghdb/. Summarize what it has and select 3 strings to search. Screen dump and explain what you got.
  7. (20 points) Select a web site. Start from whois.iana.org to find its registry, registrar, and registrant. Also select an IP address. Start from arin.net to find who owns the IP address. Show your screen dump and explain.
  8. (20 points) Select a domain name. Use nslookup to dump its DNS records. Show your screen dump and explain.
  9. (20 points) Select a domain name. Use traceroute or similar tools to find the access path to that domain. Show your screen dump and explain.
  10. (bonus: 40 points) Follow the case study right before chapter 1. Select one target and run through all tools (Tor, Vidalia, Privoxy, tor-resolve, proxychains, Nmap, socat, nc). Screen dump the process and explain what you got in your screen.

2016/03/14 Homework #1 is deferred

Homework #1 deadline is deferred to 2016/03/21 in class

2016/02/18 Textbook order information

If you would like to order the textbook, please fill in the form.

The deadline is 2016/02/24 6:00pm