  • Language
    Python
  • Created over 11 years ago
  • Updated 6 months ago

Repository Details

Hack Night is an open weekly training session run by the OSIRIS lab.

NYU Tandon's OSIRIS Lab's Hack Night

Developed from the materials of both NYU Tandon's Introduction to Offensive Security course and the old Penetration Testing and Vulnerability Analysis course, Hack Night is a sobering introduction to offensive security. A lot of complex technical content is covered very quickly as students are introduced to a wide variety of complex and immersive topics over thirteen weeks.

Hack Night culminates in a practical application of the skills and techniques taught: students complete a research project inspired by one of the lectures or exercise materials. By the end of the course, each student is expected to have a good understanding of all topics and a mastery of at least one topic.

Due to the involved nature of this course, we recommend students attend Hack Night in person.

Logistics

If you have any questions, or would like to attend a Hack Night session, you can contact [email protected] or ask us in Discord.

Hack Night is run every Thursday during the regular semester at 7 PM on the 10th floor of 370.

OSIRIS Lab 370 Jay Street Brooklyn, NY 11201

Week 0 (01/31): Background

In order to get the most out of Hack Night, you should be familiar with some basic security concepts.

Lecture Materials

  1. PicoCTF Resources

Resources

Application Security

  1. OWASP Secure Coding Principles

Web Security

  1. OWASP Top 10

Week 1 (01/31): Introduction (Kent Ma)

This is an introductory session to the Hack Night curriculum. It gives an overview of what the rest of the Hack Night sessions will cover. More importantly, it also covers the ethics you need to keep in mind when you learn something as powerful as what you are about to learn. Next, we will cover the various types of disclosure that hackers have followed since its inception.

Before diving into the Hack Night semester, we recommend you take a look at the resources below and become familiar with some of the material. This session will cover code auditing. Auditing an application's code is the process of analyzing application code (in source or binary form) to uncover vulnerabilities that attackers might exploit. By going through this process, you can identify and close security holes that would otherwise put sensitive data and business resources at unnecessary risk. The topics covered are identifying architectural, implementation and operational vulnerabilities.

Lecture Materials

  1. Slides
  2. The Art of Software Security Assessment
  3. Integer Overflows
  4. Catching Integer Overflows
  5. The Fortify Taxonomy of Software Security Flaws

Resources

  1. IRC: #hacknight on isis.poly.edu port 6697 (ssl only)
  2. OSIRIS Lab Blog
  3. OSIRIS Lab Github
  4. Project Ideas
  5. CTF 101
  6. Mailing List
  7. OSIRIS Lab Calendar

Tools

  1. Source Navigator
  2. Scitools Understand
  3. List of tools for static code analysis

Workshop

  1. OSIRIS Wargames

Week 2 (02/07): Client-Side Web Security (Kent Ma)

This session will cover client-side web hacking. It is about becoming familiar with various client-side applications in web applications. We will also look at the exploitation mitigations that your current browser implements. Topics include XSS, CSRF, Same-Origin Policy, XSS-Protection, and Content-Security-Policy.

Lecture Materials

  1. Slides

Workshop Materials

  1. Google XSS game
  2. Hacknight CSP Game

Resources

  1. The Tangled Web
  2. OWASP Top 10
  3. OWASP Top 10 Tools and Tactics
  4. OWASP XSS Filter Evasion Cheat Sheet

Week 3 (02/14): Server-side Web Security (John Cuniff)

This session will cover web hacking. It is about gaining familiarity with various vulnerabilities commonly found in web applications. You will be able to identify and exploit web application vulnerabilities. Topics to be covered are:

  • SQL Injection
  • File inclusion
  • Directory Traversal
  • Object deserialization
  • External Entities (XXE) Injection
  • CRLF Injection
  • Server-Side Request Forgery
  • WAFs and filter bypasses

Lecture Materials

  1. Slides

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. The Tangled Web
  2. OWASP Top 10
  3. OWASP Top 10 Tools and Tactics

Tools

  1. Burp suite

Week 4 (02/21): Reverse Engineering, Part 1 (Mina Zhou)

This session is about reverse engineering. Most of the software we use every day is closed source. You don't have the liberty to look at the source code, so at this point we need to analyze the available compiled binary. Reversing a binary is no easy task, but it can be done with the proper methodology and the right tools.

This first week will be a primer on x86 assembly and low level programming.

Lecture Materials

  1. Slides

Workshop Materials

In this section we will go through the basic idea of a binary and how your source code is converted into an executable form. We will then look at the assembly language used by executable programs and develop our own low level programs. We will write simple assembly language programs and teach the basic skills needed to understand more complex assembly language uses.

This is going to be a workshop where we will write programs at the assembly level. Once we are familiar with basic x86 instructions, we will switch to analyzing a real application and try to get a high-level understanding of what the application is doing. The goal is to get familiar with calling conventions, the stack and stack frames.

  1. Assembly Programming Exercises

Resources

  1. Binary Ninja Demo
  2. IDA Demo
  3. x86 Win32 Reverse Engineering Cheatsheet
  4. IDA Pro Shortcuts
  5. All Materials for Introductory Intel x86
  6. Reverse Engineering
  7. nasm
  8. x86 Intel Manuals

Week 5 (02/28): Reverse Engineering, Part 2 (Roy Xu & Nobel Gautman)

We will present you with an application which has no source code. Your job is to understand what the application is doing and figure out any loopholes present in that application. You'll use static analysis tools like IDA to analyze the binary and get a complete understanding of the application.

Lecture Videos

  1. Slides

Resources

  1. Binary Ninja Demo
  2. IDA Demo
  3. x86 Win32 Reverse Engineering Cheatsheet
  4. IDA Pro Shortcuts
  5. All Materials for Introductory Intel x86
  6. Reverse Engineering
  7. nasm
  8. x86 Intel Manuals

Week 6 (03/07): Reverse Engineering, Part 3 (Sai Vegasena)

For this lesson, we will be looking at dynamically reversing a binary. We will use a debugger to look into a running process's memory. Also, we will use

Lecture Materials

  1. Introductory Intel x86 Lectures

Workshop Materials

  1. Pwndbg GDB Plugin

Resources

  1. Binary Ninja Demo
  2. IDA Demo
  3. x86 Win32 Reverse Engineering Cheatsheet
  4. IDA Pro Shortcuts
  5. All Materials for Introductory Intel x86
  6. Reverse Engineering
  7. nasm
  8. x86 Intel Manuals
  9. GDB Commands Cheatsheet

Week 7 (03/14): Reverse Engineering, Part 4 (Nick Gregory)

Last week you dynamically debugged and reverse engineered a program that used a basic anti-reverse engineering technique. We will be going over some anti-reverse engineering protections.

Lecture Materials

  1. Slides

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. Binary Ninja Demo
  2. IDA Demo
  3. x86 Win32 Reverse Engineering Cheatsheet
  4. IDA Pro Shortcuts
  5. All Materials for Introductory Intel x86
  6. Reverse Engineering
  7. nasm
  8. x86 Intel Manuals
  9. GDB Commands Cheatsheet

Week 8 (03/28): Memory Corruption, Part 1 (Roy Xu)

In this week's session, we will go over some advanced concepts related to computer security. We will go over various memory errors that an application can cause, often leading to catastrophic results. Topics that will be covered are various memory errors like buffer overflows, uninitialized variables, use after free, etc., and how we can use them to take control of an application.

Lecture Materials

  1. Slides

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. Smashing the Stack for Fun and Profit
  2. Vagrant
  3. IDA Demo
  4. pwndbg
  5. pwntools

Week 9 (04/04): Memory Corruption, Part 2 (Roy Xu)

This week, we will look at the exploitation mitigations that your current OS implements; it's not 1988 anymore. We will look at some techniques used to bypass modern mitigations. We will also go over useful tools and techniques for writing exploits.

Lecture Materials

  1. [Slides](Pwn/Memory Corruption Part 2.pdf)

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. Smashing the Stack for Fun and Profit
  2. Vagrant
  3. IDA Demo
  4. pwndbg
  5. pwntools

Week 10 (04/11): Heap Exploitation, Part 1 (Roy Xu)

This week, we will cover the fundamentals of the heap. We will primarily focus on the glibc implementation of the heap, but these techniques will apply to other implementations as well. We will go over the basic idea of how glibc malloc behaves and is implemented, and then go into the following introductory heap exploitation techniques:

  • Use after free
  • Heap spraying
  • Heap overflows
  • Unlink
  • Overlapping chunks
  • Nullbyte poison

Lecture Materials

  1. Slides

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. Smashing the Stack for Fun and Profit
  2. Vagrant
  3. IDA Demo
  4. pwndbg
  5. pwntools
  6. How2heap

Lecture Material

  1. Post Exploitation

Week 11 (04/18): Heap Exploitation, Part 2 (Roy Xu)

This week, we will cover advanced heap exploitation techniques.

Lecture Materials

  1. Slides

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. How2heap
  2. Vagrant
  3. IDA Demo
  4. pwndbg
  5. pwntools

Week 12 (04/25): Kernel Exploitation

This week, we will cover the fundamentals of operating systems and how we can apply our memory corruption skills to them. The techniques and fundamentals will be the same, but there will be slight differences in the ecosystem, goals, and functions called for kernel exploitation.

Lecture Materials

  1. Slides

Workshop Materials

  1. OSIRIS Wargames

Resources

  1. RPISEC's Modern Binary Exploitation
  2. Vagrant
  3. IDA Demo
  4. pwndbg
  5. pwntools

Conclusion

Hack Night is designed to culminate in each student developing some kind of deliverable related to computer security. The goal is that everyone leaves the program with more knowledge about security.
