-
Be the first to like this
Upcoming SlideShare
Honeypots, Cybercompetitions, and Bug Bounties
- 1. Honeypots, Cybercompetitions, and Bug Bounties Oct 1, 2016 Sam Bowne City College San Francisco All materials available at samsclass.info
- 2. Violent Python • Step-by-step project • Challenges • No instructions • Increasing difficulty • ty @mqaissaunee
- 3. April 2014: Heartbleed
- 4. Vulnerable Android Devices
- 5. A Job from One Tweet
- 6. Exploit Development Class
- 7. CNIT 127: Exploit Development
- 8. Buffer Overflow Vulnerability • Input more than 1024 bytes will overflow the buffer
- 9. DoS Exploit
- 10. Nonrepeating Pattern
- 11. Gnu Debugger
- 12. Generate Shellcode with msfvenom
- 13. Construct Exploit
- 14. The Stack Frame • The last word is the return value • Must jump into the NOP sled
- 15. Listening Shell
- 16. Pwnage Remote Code Execution
- 17. PHP Shell
- 18. Tripwire
- 19. Complete Report
- 20. Simple Violations Log
- 21. Vulnerability Disclosure
- 22. • ty @bugcrowd
- 23. Hacked by Anonsec
- 24. XSS
- 25. Rooted My Server
- 26. Rooted Twice the Same Way • My first attempt to patch the vulnerability failed • With the help of a student, I got my kernel updated after this
- 27. Stealing My Password • Shoulder surfing • http://tinyurl.com/ samspw
- 28. CTFs
- 29. How to Start 1. PicoCTF 2. EasyCTF 3. CTFTime
- 30. • Many levels, from very easy to very hard • Complete walkthroughs
- 31. Graphical Gameboard
- 32. • 1 week long • Many easy problems, but also hard ones • Sign up to hear about other easy CTFs
- 33. Write-Ups
- 34. Find CTFs
- 35. Walk-Throughs!
- 36. Hacking Club
- 37. Remote Speakers • Projector, webcam, Skype, speakers • Two talks from professional penetration testers
- 38. Student Contributions • Cleaning up the lab to make an inviting hangout space • Bridging to the CCSF_Coders club • Technical expertise from Google vuln labs • Hacker contacts from Defcon, etc.
- 39. Hacking Lab Free Fire Zone
- 40. Signs on Wall
- 41. Keylogger • One student wrote a Python keylogger and installed it on the lab machines
- 42. Internships
- 43. Employers • OpenDNS • NASA Ames • Lawrence Berkeley Lab • San Francisco Housing Authority • UCSF Medical Center
- 44. Job Fair • Students bring resumes at first (and only) class meeting • Employers describe jobs and grab applicants on the spot • Everyone welcome, including ex-students, students from the Computer Science department, students not enrolled in the internship class
- 45. Administrative Resistance • CCSF administrators cancelled the entire program in Spring 2015 • I only saved it by appealing directly to the Chancellor and threatening to resign • However, the person who cancelled it is now the Chancellor
- 46. Administrative Resistance • The new curriculum review process doesn't allow any class without lectures, textbook, final exam, etc. • This blocks seminar classes and Internship classes • The solution is to just break the rules--this is what tenure is for
- 47. Guest Speakers • At least one per class per semester • "Careers" class consisting of visiting industry speakers
Be the first to comment