Curriculum

This is tentative and coverage could vary.

Module 1: Introduction

• Using VM’s
• Introduction to CTF’s
• Familiarize with our assignment and CTF setups
• Pentesting and career prospects

Module 2: Web Security

• nc, curl, httpie, browser tools, Burp Suite, JavaScript
• OWASP Top 10
• HTTP protocol
• SQL Injection
• Cross Site Scripting
• Cross Site Request Forgery
• IDOR
• Timing attacks

Module 3: Reverse Engineering

• Crash course into x86 ASM, Linux calling convention
• Crash course into ELF
• Crash course into libc, program loading
• gdb, radare2, ghidra, objdump, strings, nm, strace
• Examples

Module 4: Pwning

• Buffer Overflow
• Format String Bugs
• ROP
• Protection Mechanisms (DEP, Canary, NX, ASLR) and their bypasses.
• Unix FHS, shells
• Common exploits

Module 5: Cryptography

• Theory (stupid encryption schemes, modulo arithmetic, asymmetric and symmetric encryption)
• Examples

Module 6: Hardware

• Side-channels
  • On workstations: caches, software power interfaces
  • On embedded systems: physical power attacks
• Speculative execution attacks
  • Spectre
  • Speculated Faulted loads: Meltdown and MDS
• Trusted Execution Environments
  • Vulnerability to Side channels
  • Vulnerability to Fault attacks