ITX8063

Source: Lambda

Information Systems Hacking Attacks and Defence

Course Description

  • Schedule
    • The course will be conducted in the second half of the autumn semester of 2010/2011
    • First lecture/lab on 26th of October
  • ECTS credits (EAP): 3.00
  • Course Objectives and Organization
    • The main objective is to give a good technical overview of the different attack methods and vulnerabilities that attackers exploit to compromise IT systems.
    • We will not take a strongly academic approach. Rather, we will focus on the current problems and practical issues of IT security.
    • There will be fewer lectures and more hands-on work and demos on lab systems
    • The labs are built around Capture The Flag Exercises
      1. We set up purposely vulnerable systems
      2. The students' job is to identify vulnerabilities, gain access somehow and find the flag on the systems
      3. The first one to do so gets the most points
      4. Afterwards: securing and patching the systems
  • Instructors
    • Responsible: Kaur Kasak, kaur.kasak(at)gmail.com, +372 52 17 946
    • There will be several instructors for this course (most of them from Estonian Cyber Defence League): Mehis Hakkaja, Kalev Kuusik, Andri Rebane, Roman Palik, Kuido Külm, Tarko Tikan
    • Our aim is to get presentations from people who have strong real-world experience
  • Contents
    • In general, the course will be structured around typical attack phases, going from Layer 2 (L2) to Layer 7 (L7).
    • The course is still under development and the exact contents depend on the instructors we are able to motivate to participate
    • More active students will have the opportunity to make presentations
  • Prerequisites
    • Experience in administering Linux and Windows based systems
    • Understanding of main networking protocols (IP, TCP, UDP, ICMP, ARP, DNS, HTTP)
    • Some experience with web technologies and relational databases (HTML, PHP, MySQL, JavaScript)
    • Programming skills in any standard high-level language
  • General List of Topics
    1. Introduction. Demo of the main phases of a penetration test
    2. Reconnaissance and Scanning
    3. Password and Brute-Force Attacks
    4. Man-in-the-Middle Attacks
    5. Attacks and Defence of Network Infrastructure
    6. Exploitation
    7. Web Application Security
    8. Maintaining Access and Hiding Tracks

Schedule

  • Starting from the second half of the semester
  • Tuesdays, 17:00-20:15
    • 17:00-17:40 IT-137A
    • 17:45-20:00 IT-213B

I: 26 Oct

II: 02 Nov

III: 09 Nov

  • Admin Issues:
    • There are still topics available for presentations on Web Application Security (up to 15 points). Propose your own topic or review the list in Fail:Administrative.Notes.pdf
    • Next time there will be individual work but no lectures!
    • Grading of Practical Assignments

IV: 16 Nov

  • No lectures - solving practical exercises in Lab and writing the report
  • Instructions will be provided NLT 14 Nov 2010

V: 23 Nov

  • Exploitation (Roman Palik)
  • Practical exercises

VI: 30 Nov

    • Practical exercises if there is enough time...
  • Administrative Notes
    • Lab is open until Sat 04.12.2010 12:00 and from Thu 09.12.2010 20:00 to 23.12.2010
    • Lab is closed from Sat 04.12.2010 12:00 to Thu 09.12.2010 20:00
      • The exception is Tue Dec 7th

VII: 7 Dec

VIII: 14 Dec

  • We will start at 17:45 in IT-213B
  • There will be no lecture, but the last set of practical exercises will be activated.
  • One of the tasks on XSS requires simulated user activities, so for faster and better coordination you should attend the class.
  • Administrative issues
    • Deadline for the written report about lab exercises is 14 Dec 2010!

Grade assignment

  • 35p - Practical Exercises
    • What matters is how many tasks you have completed by the end of the semester. If you have completed all the tasks, you will get 35p
    • The results on the scoreboard matter only for identifying the first 5
    • Points for practical exercises: (nr of tasks completed/total nr of tasks (19)) * 35p
  • 15p - Written Assignment - report about the specific practical tasks
  • 50p - Written Exam
  • Bonus:
    • 50p - 5 most successful CTF participants
    • Up to 15p for Presentation on Web Application security

Exams

Dates

  • 12 Jan 2011 10:00 IT-140, results NLT 16 Jan 2011
  • 20 Jan 2011 10:00 IT-140, results NLT 23 Jan 2011

Topics

The exam will be in written form (pen and paper), closed-book (you are not allowed to use materials, internet, your computer, etc). There will be approximately 10 questions covering topics from both the labs and lectures:

  • Anatomy of an attack. Typical attack phases.
  • Scanning and Enumeration
    • DNS enumeration. Phases of Scanning. Different Methods for Scanning (ARP, ICMP, UDP, TCP ping for host discovery, TCP and UDP port scanning methods, ...)
  • Password and Brute-Force Attacks
    • How passwords are stored on Linux and Windows. Difference between guessing and cracking. Salt in passwords. Windows LM hash weaknesses. Rainbow tables. Pass-the-hash (why and how it works).
  • Attacks and Defence of Network Infrastructure
    • VLAN hopping. CAM table flooding and Switch Port Security. DHCP attacks. ARP attacks. DHCP snooping and dynamic ARP inspection. STP and CDP attacks. Private VLANs. 802.1x. DoS attacks
    • What is BGP. Attacks against BGP routing infra (flooding routers, TCP session RST, hijacking IP prefixes). IPv6 impact on Internet security
  • Exploitation: stack based buffer overflows.
  • Web Application Security
    • Path Traversal
    • Code injection: OS command injection, SQL injection.
    • Same-Origin Policy. Cross-Site Scripting (reflected and stored). Cross-Site Request Forgery.
    • Attacks against Session Management.
    • File Upload security. Local and Remote File Inclusion. Null-byte poisoning
    • HTTP parameter pollution

Results
