Offensive Security/HackPra SS2022
Video Lectures and further information on the course offensive security at Hochschule Bonn-Rhein-Sieg.
Community: LEA Course, Discord, BBB
Week 0
Starting 2021-04-05
Segment 0
This segment is about introduction, motivation and formalities.
Description
Here I briefly talk about the ramifications of the lecture.
Learning Goals
Why is the audio bad sometimes?
Description
This is just a brief welcome video, introducing me and explaining why I am doing this as a video lecture. This was recorded pre-corona.
Learning Goals
Why am I doing a video lecture?
Description
This video introduces us, the lecturers.
Learning Goals
Who are we and where did we come from?
Description
This video tells you why you should do this lecture and why our approach is different.
Learning Goals
What is the purpose of learning offensive security? How did hacks in the recent past work?
Description
This video explains the formalities of the course.
Learning Goals
How to pass the course. Learn about the time schedule.
Description
This video is about German law and how it deals with hackers.
Learning Goals
This tells you why you should not hack real systems in Germany.
Description
This video tells you how to submit your homework.
Learning Goals
How to register and login to the training platform. How to join the course and earn points.
Segment 1
This segment is about HTTP and the OWASP Top 10.
Description
This video tells you about HTTP 1.1, the protocol that makes up the World Wide Web.
Learning Goals
How does HTTP work? How do you issue an HTTP request?
Description
This video tells you about the famous OWASP Top 10 list.
Learning Goals
Learning what the OWASP is. What is the OWASP Top 10 list?
Description
This video shows what a typical implementation flaw in a web application looks like.
Learning Goals
Identifying real instances of the OWASP Top 10 vulnerability types.
Segment 2
This segment is about sessions in HTTP.
Description
This video tells you about the need for sessions in HTTP.
Learning Goals
How are sessions usually implemented? What are they needed for?
Description
This video tells you about possible attacks on sessions and about ARP spoofing.
Learning Goals
How could sessions be attacked? What is ARP spoofing?
Description
This video shows how sessions could be broken via predicting or brute force.
Learning Goals
What could go wrong when implementing sessions?
Description
This video explains what CSRF is and why it is difficult to mitigate.
Learning Goals
What is CSRF? What are consequences of a CSRF attack?
Homework
In this week's homework you're supposed to get an understanding of how security-relevant bugs occur. It's mainly about OWASP A2, A3 and A5. The homework consists of these tasks:
Week 1
Starting 2021-04-12
Segment 0
This segment is about giving an introduction to injections.
Description
This video gives an example of what we're working on this week: Injections
Learning Goals
What is an injection vulnerability?
Segment 1
This segment is about command injection.
Description
How can an exec call go bad?
Learning Goals
What is a command injection and how can it be exploited?
Description
How can filters go bad?
Learning Goals
White list > black list
Description
In this video we see real world examples of command injections.
Learning Goals
Command injections actually happen frequently.
Segment 2
This segment is about code injections.
Description
In this video we use PHP as an example of what code injections might look like.
Learning Goals
Learn what code injections can look like in PHP.
Description
As a not so obvious example of code injection, we look at Template injection.
Learning Goals
Find out why you have to be careful with templates.
Description
Not code, but dot-injection can also lead to problems.
Learning Goals
Find out what path traversal attacks are.
Description
In this video we'll look at a not so trivial example of a path traversal.
Learning Goals
Find out that path traversals actually exist.
Segment 3
This segment is about SQL injections.
Description
In this video we'll look at another type of injection: Database Injection.
Learning Goals
Find out how database/sql injection exploits work.
Description
In this video we'll see how data can be stolen with SQLi.
Learning Goals
Find out how UNION based SQLi works.
Description
In this video we'll see how data can be stolen without direct result output.
Learning Goals
Find out how error and time based SQLi work.
Description
In this video we'll see how difficult it can be to use filters.
Learning Goals
Get an understanding of how filter evasion and poorly designed APIs affect security.
Description
In this video we'll see another type of database injection.
Learning Goals
Understand that database injections can have many forms.
Homework
In this week's homework you're supposed to learn how injection bugs are exploited. The homework consists of these tasks:
- Do the shell tutorial at shellscript.sh. Being able to use the shell will boost your productivity by a factor of 10!
- Read the writeup at openwall about bypassing OpenBSD services login with command injection. Have a laugh.
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week1. Use a search engine of your choice to find relevant information.
Week 2
Starting 2021-04-19
Segment -1
This segment is about what is different this week.
Description
I'll tell you how this week will be different.
Learning Goals
How is this week different?
Segment 0
This segment is about cross site scripting.
Description
This video gives an introduction to cross site scripting.
Learning Goals
What is XSS?
Description
James Mickens about JavaScript
Learning Goals
What is JavaScript and is it really that weird?
Description
This video shows why XSS is dangerous.
Learning Goals
How can XSS be exploited?
Description
We learn about simple XSS mitigations and how to defeat them.
Learning Goals
How can XSS mitigations be bypassed?
Description
An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context.
Learning Goals
Does XSS happen in big applications?
Segment 1
This segment is about XML security.
Description
This video introduces XML and XML injections.
Learning Goals
Why do we talk about XML?
Description
This video introduces XXE Attacks.
Learning Goals
What are XXE attacks and why are they dangerous?
Segment 2
This segment is about serialization.
Description
This video introduces the concept of serialization.
Learning Goals
What is serialization?
Description
This video tells you how serialization can be exploited in Python.
Learning Goals
How can serialization be exploited in Python?
Description
This video tells you how serialization can be exploited in Java.
Learning Goals
Can serialization be exploited in a statically typed language?
Description
This video tells you how serialization can be exploited in PHP.
Learning Goals
How can serialization be exploited in PHP?
Segment 3
This segment is about race conditions and desynchronization.
Description
This video tells you when race conditions can occur and why they matter.
Learning Goals
What is a race condition?
Description
This video gives an example of what a race condition can look like.
Learning Goals
What can a race condition look like in reality?
Description
Albinowax about HTTP desync attacks.
Learning Goals
How can distributed systems be desync'ed?
Homework
In this week's homework you're supposed to learn how injection bugs are exploited. The homework consists of these tasks:
- Read the writeup by Netanel Rubin about hacking moodle. It combines multiple topics we've covered into one exploit. It will help you with the 1337 task!
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week2. Use a search engine of your choice to find relevant information.
Week 3
Starting 2021-04-26
Segment -1
This segment is about this week.
Description
This video tells you what we will cover.
Learning Goals
What is the plan for the next weeks?
Segment 0
This segment is about introducing the topic.
Description
This video introduces historic ciphers.
Learning Goals
Why are we not talking about historic ciphers?
Description
Why are we talking about cryptography?
Learning Goals
Why you should care about this segment.
Description
This video shows what we will do for the next weeks.
Learning Goals
What topics are we gonna cover?
Description
This video tells you about a basic principle of modern cryptography.
Learning Goals
What is the OTP and why is it secure?
Description
This video shows how to handle bytes and integers in Python.
Learning Goals
Learn about bytes, byte arrays and integer conversion.
Description
This video shows how to hack time.
Learning Goals
Is it possible to hack time?
Segment 1
This segment is about symmetric cryptography.
Description
This video introduces symmetric cryptography.
Learning Goals
What is symmetric cryptography?
Description
This video introduces block ciphers.
Learning Goals
What is a block cipher and why should I care?
Description
This video gives an idea about how big a 256 bit number is.
Learning Goals
Are 256 bit really that much?
Description
This video introduces stream ciphers.
Learning Goals
What is a stream cipher and why should I care?
Description
This video shows how unintuitive cryptography can be, using MITM attacks as an example.
Learning Goals
How does a MITM attack work?
Errata:
Instead of 256 I, of course, wanted to say 2 to the power of 56.
Segment 2
This segment is about block cipher modes.
Description
This video tells you why we need padding.
Learning Goals
How does padding work?
Description
This video tells you how ECB works.
Learning Goals
How can ECB be exploited?
Description
This video tells you how CBC works.
Learning Goals
How can CBC be exploited?
Description
This video tells you about a common security vulnerability: The CBC padding oracle.
Learning Goals
How does a padding oracle work and how can it be exploited?
Description
This video tells you how CTR works.
Learning Goals
How can CTR be exploited?
Segment 3
This segment is about hashes and message authenticity.
Description
This video explains what hash functions are.
Learning Goals
What is a cryptographic hash function?
Description
This video briefly illustrates what rainbow tables are about.
Learning Goals
How can a website find the input to a hash digest?
Description
This video gives an overview of MACs and what they are used for.
Learning Goals
What are MACs and how could they be screwed up?
Description
This video introduces authenticated encryption and different modes to use it.
Learning Goals
What AE mode should you use?
Segment 4
This segment is about unrelated things.
Description
This talk is informative and entertaining, but has nothing to do with cryptography.
Learning Goals
What is the state of security?
Homework
In this week's homework you're supposed to learn how injection bugs are exploited. The homework consists of these tasks:
- FYI (not a homework) good and free course on cryptography by one of the best cryptographers in the world: On Coursera
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week3. Use a search engine of your choice to find relevant information.
Week 4
Starting 2021-05-03
Segment -1
This segment is about this week.
Description
This video tells you what will be different this week.
Learning Goals
What is the plan for this week?
Segment 0
This segment is about introducing the topic.
Description
This video introduces historic ciphers.
Learning Goals
Why are we not talking about Asymmetric Cryptography?
Description
This video shows topics we can discover in asymmetric crypto.
Learning Goals
What topics are we gonna cover?
Description
What is modular arithmetic?
Learning Goals
How to calculate modulo a number.
Segment 1
This segment is about the background on RSA.
Description
This video introduces the RSA public key encryption system.
Learning Goals
How does RSA work?
Description
This video explains the phi function, one of the building blocks of RSA.
Learning Goals
What is the phi function?
Description
This video shows what an RSA key is made of.
Learning Goals
How is an RSA key generated?
Description
In this video we will look at an implementation of RSA.
Learning Goals
What could an RSA implementation look like?
Description
This video shows how PyCrypto implements RSA.
Learning Goals
Is it really that simple?
Segment 2
This segment is about choosing bad parameters.
Description
This video tells you about Fermat factorization.
Learning Goals
What is Fermat factorization?
Description
This video tells you about Pollard's p-1 method.
Learning Goals
What is Pollard's p-1?
Description
This video tells you about Wiener's attack.
Learning Goals
What is Wiener's attack?
Segment 3
This segment is about common pitfalls.
Description
How bad is bad entropy?
Learning Goals
Can a common factor lead to problems?
Description
How important is key size?
Learning Goals
Key size is very important.
Description
Why don't we share a modulus?
Learning Goals
Shared modulus attack.
Description
Why is textbook RSA bad?
Learning Goals
What do we need padding for?
Segment 4
This segment is about bad padding.
Description
This video introduces an important property for RSA.
Learning Goals
Description
This video shows how not to do padding.
Learning Goals
Why is a darping pad a bad idea?
Description
How can bad padding be exploited?
Learning Goals
Is bad padding insecure?
Description
Is it better to prefix something as padding?
Learning Goals
How can prefixed padding be exploited?
Description
How is padding actually implemented?
Learning Goals
Homework
In this week's homework you're supposed to learn how injection bugs are exploited. The homework consists of these tasks:
- You only need 50 points to pass this week. I'm mainly interested if you can solve kekse with the supplied literature.
- Read up on how RSA signing works, e.g. here.
- Read up on the Bellcore attack, e.g. Section 5.2 here. Then solve the task "keks".
- I recommend pycryptodome for the tasks.
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week4.
Week 5
Starting 2021-05-10
Segment -1
This segment is about the next weeks.
Description
This video is a small goodbye.
Learning Goals
What will be next?
Segment 0
This segment is about entropy.
Description
This video introduces Entropy.
Learning Goals
What is Entropy in applied Cryptography?
Description
Why is Entropy a Problem in modern Computers?
Learning Goals
How do we get entropy in a deterministic machine?
Description
This video shows how LibreSSL generates entropy.
Learning Goals
How is it actually done?
Description
How does Linux generate entropy?
Learning Goals
What is /dev/urandom and where does it come from?
Description
This video introduces hardware RNGs.
Learning Goals
What are hardware RNGs and should we trust them?
Description
This video introduces pseudo random number generators.
Learning Goals
What does "import random" really mean?
Segment 1
This segment is about the linear congruential generator.
Description
This video introduces LCG PRNGs.
Learning Goals
What is an LCG?
Description
This video explains how to go backwards with an LCG.
Learning Goals
How do you recover previous states?
Description
This video shows that you can recover LCG parameters.
Learning Goals
How do you recover an LCG just by its output?
Description
This video tells you that it is not safe to use partial LCG output.
Learning Goals
It is not safe to use partial LCG output.
Description
This video shows an example exploit for PRNG misuse.
Learning Goals
Can you attack real systems with this?
Segment 2
This segment is about the Mersenne Twister.
Description
This video tells you about the Mersenne Twister PRNG.
Learning Goals
What The Function is a MT?
Description
This video tells you how the Mersenne Twister works.
Learning Goals
What does the MT taste like?
Description
Is the MT reversible or predictable?
Learning Goals
Predicting previous and future output of an MT.
Segment 3
This segment is about ECC and ECDSA.
Description
What is ECC and how do I sign with it?
Learning Goals
Understand how elliptic curves work.
Homework
In this week's homework you're supposed to learn how entropy fails can be exploited. The homework consists of these tasks: