4MMSR-Network Security 2012-2013-other random ideas

De Ensiwiki
Révision de 21 mars 2013 à 06:14 par Duchenef (discussion | contributions)

(diff) ← Version précédente | Voir la version courante (diff) | Version suivante → (diff)
Aller à : navigation, rechercher
  • learning / inference:
    • analayze the exploration strategies of current ajax web-crawlers and improve one
  • reversing:
    • reverse the new structures of the Windows 8 kernel
  • exploit writing:
    • exploiting a recent in memory vulnerability that was disclosed max: 2 months old. Preferably on closed source programs.
    • HTML5 heap spraying [1]
  • active test generation, FUZZING:
    • over the wire .. with scappy
    • wireshark dissectors fuzzer
    • the windows kernel fuzzer

  • antivirus security:
    • antivirus fuzzing
    • experiment on detection limitation of at least two antiviruses
    • rooting an antivirus: read SophFail by @taviso, and apply similar techniques to the antivirus we choosed together.


  • static obfuscation:
  • javascript
    • virtual machine:
  • implementing a tool that obfuscate using the methods A, B, C
  • PKIX+DNSSEC: write a state of the art and set-up an infrastructure of virtual machines implementing the following "protocols": PKI, DNSSEC, DANE, CAA (ref: DNSSEC à la rescousse de PKIX, Florian Maury (HSC), MISC n 63, Sept/Oct 2012, p76-82)
  • malware classification: define metrics