Offensive Security SS2021

Video Lectures and further information on the course offensive security at Hochschule Bonn-Rhein-Sieg.

Week 0

Starting 2021-04-05

Segment 0

This segment is about introduction, motivation and formalities.

Description

Here I briefly talk about the ramifications of the lecture.

Learning Goals

Why is the audio bad some times?

Description

This is just a brief welcome video, introducing me and explaining why I am doing this as a video lecture. This was recorded pre-corona.

Learning Goals

Why am I doing a video lecture?

Description

This video introduces us, the lecturers.

Learning Goals

Who are we and where did we come from?

Description

This video tells you why you should do this lecture and why our approach is different.

Learning Goals

What is the purpose of learning offensive security? How did hacks in the recent past work?

Description

This video explains the formalities of the course.

Learning Goals

How to pass the course. Learn about the time schedule.

Description

This video is about the german law and how it deals with hackers.

Learning Goals

This tells you why you should not hack real systems in Germany.

Description

This video tells you how to submit your homework.

Learning Goals

How to register and login to the training platform. How to join the course and earn points.

Segment 1

This segment is about HTTP and the OWASP Top 10.

Description

This video tells you about HTTP 1.1, the protocol that makes up the world wide web.

Learning Goals

How does HTTP work? How do you issue an HTTP request?

Description

This video tells you about the famous OWASP Top 10 list.

Learning Goals

Learning what the OWASP is. What is the OWASP Top 10 list?

Description

This video shows how a typical implementation flaw in a web application looks like.

Learning Goals

Identifying real instances of the OWASP Top 10 vulnerability types.

Segment 2

This segment is about sessions in the HTTP.

Description

This video tells you about the need for sessions in HTTP.

Learning Goals

How are sessions usually implemented? What are they needed for?

Description

This video tells you about possible attacks on sessions and about ARP spoofing.

Learning Goals

How could sessions be attacked? What is ARP spoofing?

Description

This video shows how sessions could be broken via predicting or brute force.

Learning Goals

What could go wrong when implementing sessions?

Description

This video explains what CSRF is and why it is dificult to mitigate.

Learning Goals

What is CSRF? What are consequences of a CSRF attack?

Homework

In this week's homework you're supposed to get an understanding of how security relevant bugs occur. It's mainly about OWASP A2, A3 and A5. The homework consits of these tasks:

Week 1

Starting 2021-04-12

Segment 0

This segment is about giving an introduction to injections.

Description

This video gives an example of what we're working on this week: Injections

Learning Goals

What is an injection vulnerability?

Segment 1

This segment is about command injection.

Description

How can a exec call go bad?

Learning Goals

What is a command injection and how can it be exploited?

Description

How can filters go bad?

Learning Goals

White list > black list

Description

In this video we see real world examples of command injections.

Learning Goals

Command injections actually happen frequently.

Segment 2

This segment is about code injections.

Description

In this video we use PHP as an example of how code injections might look like.

Learning Goals

Learn how code injections can look like in PHP.

Description

As a not so obvious example of code injection, we look at Template injection.

Learning Goals

Find out why you have to be careful with templates.

Description

Not code, but dot-injection can also lead to problems.

Learning Goals

Find out what path traversal attacks are.

Description

In this video we'll look at a not so trivial example of a path traversal.

Learning Goals

Find out that path traversals actually exist.

Segment 3

This segment is about SQL injections.

Description

In this video we'll look at another type of injection: Database Injection.

Learning Goals

Find out how database/sql injection exploits work.

Description

In this video we'll see how data can be stolen with SQLi.

Learning Goals

Find out how UNION based SQLi works.

Description

In this video we'll see how data can be stolen without direct result output.

Learning Goals

Find out how error and time based SQLi work.

Description

In this video we'll see how difficult it can be to use filters.

Learning Goals

Get an understanding of how filter evasion and poorly designed APIs affect security.

Description

In this video we'll see another type of database injection.

Learning Goals

Understand that database injections can have many forms.

Homework

In this week's homework you're supposed to learn how injection bugs are exploited. The homework consits of these tasks:

Week 2

Starting 2021-04-19

Segment -1

This segment is about what is different this week.

Description

I'll tell you how this week will be different.

Learning Goals

How is this week different?

Segment 0

This segment is about cross site scripting.

Description

This video gives an introduction to cross site scripting.

Learning Goals

What is XSS?

Description

James Mickens about JavaScript

Learning Goals

What is JavaScript and is it really that wierd?

Description

This video show why XSS is dangerous.

Learning Goals

How can XSS be exploited?

Description

We learn about simple xss mitigations and how to defeat them.

Learning Goals

How can XSS mitigations be bypassed?

Description

An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context.

Learning Goals

Does XSS happen in big applications?

Segment 1

This segment is about XML security.

Description

This video introduces XML and XML injections.

Learning Goals

Why do we talk about XML?.

Description

This video introduces XXE Attacks.

Learning Goals

What are XXE attacks and why are they dangerous?

Segment 2

This segment is about serialization.

Description

This video introduces the concept of serialization.

Learning Goals

What is serialization?

Description

This video tells you how serialization can be exploited in Python.

Learning Goals

How can serialization be exploited in Python?

Description

This video tells you how serialization can be exploited in Java.

Learning Goals

Can serialization be exploited in a statically typed language?

Description

This video tells you how serialization can be exploited in PHP.

Learning Goals

How can serialization be exploited in PHP?

Segment 3

This segment is about race conditions and desynchronization.

Description

This video tells you when race conditions can occur and why they matter.

Learning Goals

What is a race condition?

Description

This video gives an example of how a race condition can look like.

Learning Goals

How can a race condition look like in reality?

Description

Albinowax about HTTP desync attacks.

Learning Goals

How can distributed systems be desync'ed?

Homework

In this week's homework you're supposed to learn how injection bugs are exploited. The homework consits of these tasks:

Week 3

Starting 2021-04-26

Segment -1

This segment is about this week.

Description

This video tells you what we will cover.

Learning Goals

What is the plan for the next weeks?

Segment 0

This segment is about introducing the topic.

Description

This video introduces historic ciphers.

Learning Goals

Why are we not talking about historic ciphers?

Description

Why are we talking about cryptography?

Learning Goals

Why you should care about this segment.

Description

This video shows what we will do for the next weeks.

Learning Goals

What topics are we gonna cover?

Description

This video tells you about a basic principle of modern cryptography.

Learning Goals

What is the OTP and why is it secure?

Description

This video shows how to handle bytes and integers in Python.

Learning Goals

Learn about bytes, byte arrays and integer conversion.

Description

This video shows how to hack time.

Learning Goals

Is it possibl to hack time?

Segment 1

This segment is about symmetric cryptography.

Description

This video introduces symmetric cryptography.

Learning Goals

What is symmetric cryptography?.

Description

This video introduces block ciphers.

Learning Goals

What is a block cipher and why should i care?

Description

This video gives an idea about how big a 256 bit number is.

Learning Goals

Are 256 bit really that much?

Description

This video introduces stream ciphers.

Learning Goals

What is a stream cipher and why should i care?

Description

This video shows how unintuitive cryptography can be by the example of mitm attacks.

Learning Goals

How does a mitm attack work?

Errata:

Instead of 256 I, of course, wanted to say 2 to the power of 56.

Segment 2

This segment is about block cipher modi.

Description

This video tells you why we need padding.

Learning Goals

How does padding work?

Description

This video tells you how ECB works.

Learning Goals

How can ECB be exploited?

Description

This video tells you how CBC works.

Learning Goals

How can CBC be exploited?

Description

This video tells you about a common security vulnerability: The CBC padding oracle.

Learning Goals

How does a padding oracle work and how can it be exploited?

Description

This video tells you how CTR works.

Learning Goals

How can CTR be exploited?

Segment 3

This segment is about hashes and message authenticity.

Description

This video explains what hash functions are.

Learning Goals

What is a cryptographic hash function?

Description

This video briefly illustrates what rainbow tables are about.

Learning Goals

How can website find input to a hash digest?

Description

This video gives an overview about MACs and what they are used for.

Learning Goals

What are MACs and how could they be screwed up?

Description

This video introduces authenticated encryption and different modes to use it.

Learning Goals

What AE mode should you use?

Segment 4

This segment is about unrelated things.

Description

This talk is informative and entertaining, but has nothing to do with cryptography.

Learning Goals

What is the state of security?

Homework

In this week's homework you're supposed to learn how injection bugs are exploited. The homework consits of these tasks:

Week 4

Starting 2021-05-03

Segment -1

This segment is about this week.

Description

This video tells you what we will be different this week.

Learning Goals

What is the plan for this week?

Segment 0

This segment is about introducing the topic.

Description

This video introduces historic ciphers.

Learning Goals

Why are we not talking about Asymmetric Cryptography?

Description

This video shows topics we can discover in asymmetric crypto.

Learning Goals

What topics are we gonna cover?

Description

What is modular arithmetic?

Learning Goals

How to calculate modulo a number.

Segment 1

This segment is about the background on RSA.

Description

This video introduces the RSA public key encryption system.

Learning Goals

How does RSA work?.

Description

This video explains the phi function, one of the building blocks of RSA.

Learning Goals

What is the phi function?

Description

This video shows what an RSA key is made of.

Learning Goals

How is an RSA key generated?

Description

In this video we will look at an implementation of RSA.

Learning Goals

How could an RSA implementation look like?

Description

This video shows how PyCrypto implements RSA.

Learning Goals

Is it really that simple?

Segment 2

This segment is about choosing bad parameters.

Description

This video tells you about fermat factorization.

Learning Goals

What is fermat factorization?

Description

This video tells you about pollards p-1 method.

Learning Goals

What is pollard p-1?

Description

This video tells you about wiener's attack.

Learning Goals

What is pollard wiener's attack?

Segment 3

This segment is about common pitfalls.

Description

How bad is bad entropy?

Learning Goals

Can a common factor lead to problems?

Description

How important is key size?

Learning Goals

Key size is very important.

Description

Why don't we share a modulus?

Learning Goals

Shared modulus attack.

Description

Why is textbook RSA bad?

Learning Goals

What do we need padding for?

Segment 4

This segment is about bad padding.

Description

This video introduces an important property for RSA.

Learning Goals

Description

This video shows how not to do padding.

Learning Goals

Why is a darping pad a bad idea?

Description

How can bad padding be exploited?

Learning Goals

Is bad padding insecure?

Description

Is it better to prefix something as padding?

Learning Goals

How can prefixed padding be exploited?

Description

How is padding actually implemented?

Learning Goals

Homework

In this week's homework you're supposed to learn how injection bugs are exploited. The homework consits of these tasks:

Week 5

Starting 2021-05-10

Segment -1

This segment is about the next weeks.

Description

This video is a small good bye.

Learning Goals

What will be next?

Segment 0

This segment is about entropy.

Description

This video introduces Entropy.

Learning Goals

What is Entropy in applied Cryptography?

Description

Why is Entropy a Problem in modern Computers?

Learning Goals

How do we get entropy in a deterministic machine?

Description

This video shows how LibreSSL generates entropy

Learning Goals

How is it actually done?

Description

How does Linux generate entropy?

Learning Goals

What is /dev/urandom and where does it come from?

Description

This video introduces hardware RNGs.

Learning Goals

What are hardware RNGs and should we trust them?

Description

This video introduces pseudo random number generators.

Learning Goals

What does "import random" really mean?

Segment 1

This segment is about *the linear congruential generator.

Description

This video introduces LCG PRNGs.

Learning Goals

What is an LCG?.

Description

This video explains how to go backwards with an LCG.

Learning Goals

How do you recover previous states?

Description

This video shows that you can recover LCG parameters.

Learning Goals

How do you recover an LCG just by its output?

Description

In this video tells you that it is not safe to use partial LCG output.

Learning Goals

It is not safe to use partial LCG output.

Description

This video shows an example exploit for PRNG misusage.

Learning Goals

Can you attack real systems with this?

Segment 2

This segment is about the mersenne twister.

Description

This video tells you about the mersenne twister PRNG.

Learning Goals

What The Function is a MT?

Description

This video tells you how the mersenne twister works.

Learning Goals

What does the MT taste like?

Description

Is the MT reversable or predictable

Learning Goals

Predicting previous and future output of an MT.

Segment 3

This segment is about ECC and ECDSA.

Description

Was ist ECC und wie signiere ich damit?

Learning Goals

Verstehen wie Elliptische Kurven funktionieren

Homework

In this week's homework you're supposed to learn how entropy fails can be exploited. The homework consits of these tasks: