IT & Mobile Security

Advanced System Exploitation

Tutorial, 3.00 ECTS

 

Course content

The course covers advanced attack scenarios of experienced hackers. The attack vectors are analyzed and simulated in a lab environment. The main focus is on the detection, analysis and design of countermeasures.
Topics:
Malware analysis
Code analysis
Reverse engineering
Firmware analysis
Race conditions in software
Bypass methods of exploit mitigation mechanisms like ASLR, SafeSEH, SEHOP, DEP by using advanced exploitation techniques like ROP (return oriented programming), Heap Spraying, partial overwrite of memory areas,..
Bypass anti virus protection
Attacks against cryptographic systems, secure/unsecure algorithms and implementations
Attacks against ICS systems and countermeasures

Learning outcomes

Graduates gain knowledge concerning security principles of IT systems, and therefore sound skills for securing this systems concerning safty and security

Recommended or required reading and other learning resources / tools

Books:
The Shellcoders Handbook, Anley Heasman, Linder, Richarte
Hacking The Art of Exploitation, Erickson
Hacking mit Metasploit, Messner
Tanenbaum: Modern Operation Systems, 3rd Ed. Prentice Hall, 2007
Trend Jaeger: Operating System Security, Morgan & Claypool, 2008
Professional Journals: Linux Magazin, IX

Mode of delivery

3 ECTS tutorial

Prerequisites and co-requisites

modules OFF 1 and ISC 2

Assessment methods and criteria

Lecture: final exam, tutorial: continuous assessment