4MMSR-Network Security-2011-2012


Course information

Kak dela Komrad!

Brief summary

The increased use of computer systems and networks for all kinds of work, together with the various emerging threats and the rise of their automation, has made security a major concern. This course will present the main aspects of attacking a system that is yours (aka Offensive Security) and, very importantly, of protecting it (aka Defensive Security). Focus will be on network-related vulnerabilities.


Assumed background

This course relates to...


Lectures

2012-02-01
  • Fichier:4MMSR-Network Security-2011-2012-0-Introduction.pdf (student version; if you are a security professional and wish the full version, contact me)
  • Fichier:4MMSR-Network Security-2011-2012-1-Cryptography.pdf, K. Hossen. MSc2 version: Fichier:5MMSSI-2011-2012-3-1.cryptography-introduction.pdf
Read again: 3MMRTEL (C6, Cryptography and Security)
Practical exercises for the very next lecture: Parts 3 and 4 of 5MMSSI-2011-2012-practical_assessment-cryptography_and_applications

Read again: 3MMRTEL - C2 - Premiers pas dans l'Internet + 3MMRTEL - S1 - Adresses Internet et annuaire DNS + 3MMRTEL - S3 - Le courrier électronique
4MMRES LAN + 4MMRES Network Layer + 4MMRES - DHCP and NAT

Fichier:4MMSR-Network Security-2011-2012-2-some network attacks and counter-measures student.pdf
(student version; if you are a security professional and wish the full version, contact me)
Exercises for the very next lecture: read the PKI section of Fichier:4MMSR-Network Security-2011-2012-1.2-some cryptographic applications student.pdf and solve exercises 1 and 2 of 5MMSSI-2011-2012-practical_assessment-cryptography_and_applications and exercise 2 of Fichier:5MMSSI-2011-2012-final exam session 1-FR FR.pdf

Fichier:4MMSR-Network Security-2011-2012-1.2-some cryptographic applications student.pdf
For the next lecture:
  • Exercise 3.1 (Kerberos) of Fichier:TEL2A-Network Security-Exercises-2011-04-06.pdf
  • Exercise 3.2 (DNS cache poisoning) of Fichier:TEL2A-Network Security-Exercises-2011-03-23.pdf (read the DNS section in Fichier:4MMSR-Network Security-2011-2012-2-some network attacks and counter-measures student.pdf before!)
  • Exercises (802.11, proxy, firewall): questions 7 to 13 (included) of Fichier:TEL2A-Network Security-Exercises-2011-04-20.pdf
  • 4MMSR-2011-2012-practical_assessment-DNS_cache_poisoning (will be published later on)
  • Watch Public Key Cryptography: Diffie-Hellman Key Exchange
Read again:
  • 4MMPSGBD (everything you saw until now in Database Management Systems, and especially the Structured Query Language (SQL))
  • 3MMRTEL (S4 retour sur www)
Fichier:4MMSR-Network Security-2011-2012-3-Web security-student version.pdf
For the next lecture: 5MMMSI-2011-2012-practical_assessment-web_exploitations_and_basic_risk_analysis (questions 2 to 14)
(Optional): discover within WebGoat and Gruyere the vulnerabilities we saw during the lecture
2012-03-13 Seminars: 4 (total)
  • User:aromatat + User:freysst - Fichier:4MMSR-2011-2012-student seminar-A Low-cost Attack on a Microsoft CAPTCHA, Jeff Yan, Ahmad Salah El Ahmad, 2008.pdf
  • user:delpechc + user:fontainl - Fichier:4MMSR-2011-2012-student seminar-Wi Fi Advanced Fuzzing.pdf (+ Fichier:4MMSR-2011-2012-student seminar-Wi Fi Advanced Fuzzing-lecture notes.pdf)
  • user:wuxue + user:zhangyu - Fichier:4MMSR-2011-2012-student seminar-Peer-to-peer botnets- overview and case study.pdf

2012-03-21 Read again: 4MMSEPC, 4MMPS
Correction of practical assessment 5MMMSI-2011-2012-practical_assessment-web_exploitations_and_basic_risk_analysis (questions 2 to 14)
Basics in fuzz testing, aka fuzzing
Seminars: 3 (total)
  • user:raymonbe + user:ouinem - Fichier:4MMSR-2011-2012-student seminar-A practical attack against GPRS EDGE UMTS HSPA mobile data communications - David Perez, Jose Pico - Black-Hat DC 2011.pdf
  • user:aubertad + user:brisont - Fichier:4MMSR-2011-2012-student seminar-Using Client Puzzles to Protect TLS.pdf
  • user:laviallb + user:grueld - Fichier:4MMSR-2011-2012-student seminar-Abusing Social Networks for Automated User Profiling.pdf
  • For the next lecture (mandatory): Practical Assessment: Protocol Fuzzing in a BlackBox approach. Ask your questions on 4MMSR-2011-2012-TP_Fuzzing
  • Fichier:4MMSR-Network Security-2011-2012-4-In-Memory exploitation and Shellcodes-student.pdf
  • 5MMSSI-2011-2012-practical_assessment-basics_in_exploitation
Correction of Practical Assessment: Protocol Fuzzing in a BlackBox approach
Seminars: 4 (total)
  • user:hachicmo + user:sabilfa - Fichier:4MMSR-2011-2012-student seminar-Rainbow Tables probabilistes.pdf
  • user:mendyn + user:soumarmo - Fichier:4MMSR-2011-2012-student seminar-Reflection Scan- an Off-Path Attack on TCP, Jan Wrobel, 2012.pdf
  • user:lavaletl + user:broussep - Fichier:4MMSR-2011-2012-student seminar-Deception 2.0-Social networks for information operations - Christophe DEVAUX, Arnauld MASCRET, Frederic Raynal - HITB 2010.pdf
  • user:gsimm + user:benhamow - Injecting SMS Messages into Smart Phones for Security Analysis, Collin Mulliner, Charlie Miller, USENIX 2009
2012-04-05
  • P. Malterre - The Onion Router (TOR) (slides will not be publicly available; contact the author or user:duchenef)
  • P. Malterre - Information System Monitoring (slides will not be publicly available; contact the author or user:duchenef)

2012-04-18 K. Hossen
Seminars: 4
  • user:boumertl + user:boukioam - Fichier:4MMSR-2011-2012-student seminar-Analysis and Signature of Skype VoIP Session Traffic - Sven Ehlert, Sandrine Petgang.pdf
  • user:soutorid + user:yanenkod + user:richterf - Fichier:4MMSR-2011-2012-student seminar-W32.Stuxnet Dossier, Nicolas Falliere, Liam O Murchu, and Eric Chien - 2011.pdf
  • user:myesserh + user:mbarekw - Fichier:4MMSR-2011-2012-student seminar-Bitcoin- A Peer-to-Peer Electronic Cash System.pdf
  • user:martincl + user:tollardt - Fichier:4MMSR-2011-2012-student seminar-Recent advances in IPv6 insecurities - Marc van Hauser Heuse - 27C3-CCC 2010.pdf
Homework for 2012-04-30:
  • TOR practical assessment (P. Malterre and F. Duchene), see the Network Forensics practical assessment discussion page
  • Metasploit practical assessment (ONLY 2. Information Gathering), see the Metasploit practical assessment discussion page

K. Hossen
Correction of the TOR practical assessment (P. Malterre and F. Duchene), see the Network Forensics practical assessment discussion page
Correction of the Metasploit practical assessment (ONLY 2. Information Gathering), see the Metasploit practical assessment discussion page
Work in small groups on previous theoretical exams (after seminars)
Seminars: 2 (total)
  • user:perniequ + user:gellenok + user:akp - Fichier:4MMSR-2011-2012-student seminar-PoC(k)ET, les détails d'un rootkit pour Windows Mobile 6 - Cedric Halbronn - SSTIC 2010.pdf
  • user:Rocariem + user:petitalb - Fichier:4MMSR-2011-2012-student seminar-iPhone data protection in depth - Jean-Baptiste Bedrune, Jean Sigwald - HITB Amsterdam 2011.pdf
"Opening" homework for 2012-05-14:
  • Web Services Security testing: some research advances in automated blackbox type-1 XSS vulnerability discovery using model inference assisted evolutionary fuzzing (dissemination of the ITEA2 DIAMONDS research project)
  • XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing
  • Watch and synthesize Retroactive Security, a short talk given by Butler W. Lampson, Microsoft Research

(optional) If you have some free time:
  • Watch and synthesize Applications of Grammatical Inference in Security and Program Analysis, Domagoj Babic (Berkeley), talk at Microsoft Research (and especially the part regarding how they semi-automatically infer a formal conjecture / model of the botnet)
2012-05-03 K. Hossen
Practical examination
Grenoble INP - Perform evaluation (S. Abry)
2012-05-14 Theoretical examination - Ensimag D207, 10pm30-12pm30. For more details, see 4MMSR-Network_Security-2011-2012#Examinations

Rooms and sessions available on: ADE 4MMSR


Seminars

  • weight: 5/20

You will form groups of 2 people (1 person only if the number of students is odd). After having selected a paper from the list (see below), you will prepare slides and present them to the class for 17 minutes (~ 10 to 20 slides, including the first slide, summary and references) + 3 minutes of questions. Slides have to be in English. The talk can be given in French or English (your choice). By the way, I strongly prefer references placed on the same slide as the statement that cites them.

Paper and week-choice

Send me an email, putting your buddy as CC, with title 4MMSR-2011-seminar, and indicate:

  • your ensimag usernames + firstname + last name
  • your 3 favorite papers that are not yet chosen (ordered by descending preference).
  • your 3 favorite talk dates (descending order)

Remark: FIFO paper attribution. No guarantee you will get your first choices.

Attention:
  • Read (even very quickly) the papers you choose, to be sure you are interested in them!
  • You have to form your group and choose 3 papers and a presentation date before Monday Feb 6th 2012, 11pm59 GMT+1. I will assign a group + paper + date to students who have not chosen by that time.

Slide advice

Basics in creating a presentation

  • How to give a Good Research Talk? Simon L Peyton Jones, John Hughes, and John Launchbury (additional advice)
  • Suggested table of content (it is not MANDATORY to strictly follow such an order, but it might help you):
    • 1st slide: paper title, paper authors, paper year of publication, in which conference? students names + firstname + student email @ensimag.fr + link to this webpage https://ensiwiki.ensimag.fr/index.php/4MMSR
    • paper authors short bio (corporation / university, diplomas, field of work, h-index, g-index use academic.research.microsoft.com)
    • table of content
    • introduction / background knowledge
    • the problem authors are trying to solve
    • their proposed solution / method
    • experiment results
    • limitations, counter-measures
    • conclusions / summary / overview of the key concepts and findings
    • references
    • backup slides: additional details, some questions people will ask you and for which you already have the answer, other cool stuff about the security researchers, also a small presentation of the researchers who are authors of that paper
  • WARNING: do not forget the very basics... on EACH slide:
    • slide number / total slide number
    • paper title, paper authors, year of publication
    • seminar date


Pre-talk reviews

Before your actual presentation, you will have several deadlines (see below). At each deadline, I will provide you comments such as: focus more on that given point, add a schema for explaining that notion, introduce more background, describe more formally the problem...

Mail subject:

Attached file: PDF version ONLY ; name your file DATE_OF_YOUR_TALK_-_STUDENT_1_-_STUDENT_2.pdf

At each step N+1 you should have included comments I made you at step N:

  • 3 weeks before: send a summary of the talk (don't write too long a summary and don't spend too much time on it: 1 page is enough, 2 pages max) and a table of contents (=TXT file); in case some points are unclear to you, also write down the questions you are not yet able to answer regarding that paper.
  • 2 weeks before: send a first talk draft + the additional paper and sources references you will provide (=PDF file)
  • 1 week before: work in progress. should be nearly final (=PDF file)
  • 3 days before: nearly final version (=PDF file)
  • 1 day before: the version you would be willing to present to the class. An email containing your slides + a link to the paper should be sent to the teacher, who will forward it to the class (=email containing PDF file + link)

Papers list

You can choose a paper (or possibly a talk) from that list, or propose a topic to me by email (I will consider how it relates to the lecture content, its freshness and interest, and then decide whether your proposed topic is accepted).

Offensive Security

Defensive Security

Grading scheme

  • speakers:
    • CONTENT:
      • index, synthesis
      • schema
      • formal explanation of the problem
      • identification of security properties
      • counter-measures (even if not present within the article, in that case you have to propose some and we will discuss them)
      • hardness of the topic
      • questions asked to the authors
      • questioning about such a choice, or (if applicable) discussion about the interpretation of results
      • demonstration of the attack or the counter-measure (if any)
    • FORM:
      • scheduling and respect of the time limit
      • balance in speaker time and content
      • interactions with public
  • audience:
    • participation: you are supposed to actively participate as public, and thereby prepare and ask questions
    • during the semester, each student is supposed to ask at least 3 questions
  • both:
    • courtesy
    • clarity, scientific rigor of talk and when asking or replying to questions
    • ability to critique a scientific approach in a constructive fashion (e.g.: to what extent are the results promising? limitations: how widely can this approach be applied? are some hypotheses too restrictive or unrealistic? how can you improve what is proposed?)
  • theoretical exams
    • 5 presented papers among the total (~ 15) will be selected and questions will be asked during the exam
    • (thus take notes)
    • (ask questions if a point is unclear for you!)



If the students are willing to, the best presentations will be given again by their authors at SecurIMAG (no bonus point granted, but interesting for you and for SecurIMAG members)

Practical assessments

All along the semester you will have short practical assessments that you will do at home and that we will correct at the very next lecture.

  • for practical exercises requiring a virtual machine, see the VirtualBox webpage.


Examinations

  • WARNING: Electronic devices (including but not limited to cell phones, smartphones such as BlackBerry devices or iPhones, PDAs and other electronic and photographic devices) are not permitted during the exam. If you use them during the test, you will be dismissed from the exam and will get a zero.
  • Only one two-sided A4 sheet will be authorized per examination. Since specific tools and commands will only be evaluated during the practical examination, you write TWO two-sided A4 sheets: one for the practical examination and one for the theoretical one.

Practical Examination

Synthesis: example of table of content

cryptography

  • cryptool
  • gpg

web exploitation

  • nmap
  • telnet
  • live http headers
  • burp

virtual machines

  • virtualbox: configure virtual adapters and networks (bridge, host-only ...)

fuzzing

  • sulley - state-based protocol fuzzing:
    • defining states
    • choosing fuzz primitives for each state according to the vulnerability you target
    • configuring transitions ("links" between states)

metasploit

  • writing a msfconsole scanner
  • loading it, configuring it, and running it

network forensics

  • argus, ra, racluster
  • tshark, wireshark, tcpdump
  • ssldump

Theoretical Examination

  • weight: 10/20 (1/2 of the course grade)
  • 3 papers over the total (~ 15) will be selected and questions will be asked during the exam
  • additional exercises will be in the exam
  • train yourself:

Previous THEORETICAL examinations

Synthesis: Example of Table of Content


0. introduction

  • security properties

1.1. cryptography - introduction (K. Hossen)

  • Vigenère
  • ECB vs CBC
  • RSA
  • DH
  • symmetric vs asymmetric crypto

1.2. crypto applications

  • PKI: signature, certificate, CA, revocation
  • WEP attack
  • Kerberos: cross-realm access

2. Network Security

  • VLAN attacks
  • DHCP attacks
  • DNS cache poisoning
  • Firewall: gen 1, gen 2: TCP state model aware, gen 3:DPI
  • TOR (P. Malterre):
    • entry node, exit node; how is anonymity ensured?
    • how is TOR traffic detected (from a DPI point of view)? how is that detection made harder?
  • Intrusion Detection (P. Malterre)
    • capture points: location, techniques

2. web vulnerabilities

  • injection
  • XSS (type-1, type2)
  • SQL injection
  • Path Traversal, LFI

3. fuzzing

  • mutation
  • generation
  • model-based
  • evolutionary


An exercise within the theoretical examination will deal with topics we saw during the seminars. I suggest you use little space for seminars on your synthesis sheet, since I will print for you the presentations related to the chosen papers. Expect questions such as: what is the problem the authors tackle? how do they (partly) solve it? what are the limitations of their approach? which security properties are violated, and on which objects? how would you suggest going beyond those limitations?