4MMSR-Network Security-2012-2013

From Ensiwiki

Course information

Kak dela Komrad!

Brief summary

The increased use of computer systems and networks for all kinds of work, together with the various emerging threats and the rise of their automation, has made security a major concern. This course presents the main aspects of attacking a system that is yours (aka Offensive Security) and, very importantly, of protecting such systems (aka Defensive Security). The focus is on network-related vulnerabilities.


Assumed background

This course relates to...


Rooms and sessions available on: ADE 4MMSR

Lecture Slides


Web Command Injections - Vulnerabilities and their Exploitation

Thursday, March 21st, 2013

  • Keywords:
    • State Model, Control Flow, Data Flow, Syntactic Confinement
    • Command Injection, Cross Site Scripting, SQL Injection, Shell Command Injection, PHP injection, File Inclusion

Smart-Fuzzing for vulnerabilities detection

Thursday, March 28th, 2013

  • Keywords: anomalies, vulnerability, grammar based fuzzing, mutation, generation, fitness function, taint-aware fuzzing, symbolic execution
  • Requirement:

Project - 1st in-class session

  • project teams due for Monday March 25th, 2013, 11AM59 GMT+1
  • slides introducing due for Saturday March 30th, 2013, 11AM59 GMT+1
  • classroom session: Thursday, April 4th, 2013

Botnet Hunting

Thursday, April 18th, 2013

  • keywords: stack based buffer overflow, forensics, reverse engineering, network

Project - 2nd in-class session

Thursday, May 2nd, 2013

Project - class presentation

Thursday, May 13th, 2013

  • you will present your results and a run of your tool to the class

Applied Research Seminars

  • 8/20


OLD/PREVIOUS paper presentation exercise


Practical assessments

Throughout the semester you will have short practical assessments to do at home, which we will correct at the very next lecture.


  • WARNING: Electronic devices (including but not limited to cell phones, smartphones such as BlackBerry devices or iPhones, PDAs and other electronic and photographic devices) are not permitted during the exam. If you use them during the test, you will be dismissed from the exam, and will get a zero.
  • Only one two-sided A4 sheet will be authorized. Since specific tools and commands will only be evaluated during the practical assessment, you should write TWO two-sided A4 pages: one for the practical assessment and one for the theoretical one.

Practical Examination

Theoretical Examination

  • weight: 7/20
  • 3 research presentations out of the total will be selected, and questions about them will be asked during the exam
  • additional exercises will be in the exam
  • train yourself: