Projects
Restructuring in progress:
There will be five small projects and five short tests in this course. The projects are mandatory and the tests are voluntary.
Reports:
You should submit the reports electronically in pdf or word format and use the subject "EITN50" in the email that contains the report. Send it to ben.smeets.lu@analys.urkund.se
In agreement with the course evaluation, there will no longer be a grading of the projects in "G" and "VG". Grading of the project reports is done from two perspectives. One is "Sufficiency" and the other is "Presentation". Sufficiency refers to a sufficiently correct answer to the assignments. One extreme is that you only write the bare essence without much explanation. You are then at risk that your report, from a "Presentation" point of view, lacks the information that a report should contain. The presentation should be detailed enough for others to repeat (read: verify) what you did. If these criteria are met you get a "P(ass)" mark. Sloppy reports are not accepted.
If your report needs corrections you are given a "U" mark. You can always improve a "U" mark to a "P" mark until the final deadline, currently set to 24/10. You must have a pass mark for all five projects before you can pass this course. Exceptionally well-done reports will be rewarded with 0.1 points per report, which will be added to your exam quiz results, from which the final course grading will be determined.
Finally, the reports will be screened for plagiarism using "Urkund" (see: http://www.urkund.se/SE/om_urkund.asp).
Deadlines for the projects will be set as the course proceeds: consult Project assignments
IMPORTANT: Required additions/updates to the (any!) reports should be handed in by 24/10 at the latest.
At the first lecture the group list (group list.xls) will be passed around. Each group should enter their names on this list or send an email to Ben stating which people are in the group. A group should be two persons.
The username for login is the group number, e.g. adsec01; the password is communicated at the first lecture.
Lab space is available according to the schedule in TimeEdit and will use the rooms E:4116 and E:4118 on the 4th floor of the E-building. Access is via student access cards (requires that you are registered to the course so we can give you access).
There will be 5 short tests available via moodle.eit.lth.se. You need to sign up in the Moodle system to take these tests. From the results of these tests your final grading for this course will be computed (here you can benefit from extra points received from your project reports). You will be given a limited number of attempts in each test but are free to take the test at any time between its opening and the closing date of 31/10.
Required additions/updates to the reports (thus for all projects) should be handed in by Oct 24 at the latest. Submit reports (pdf or word .doc format) to ben.smeets.lu@analys.urkund.se
Name the report in the following way "Project# - adsec##"
Project | Release date | Planned content | Link to the assignment | Deadline | Last update date |
1 | 3/9 | Data forensics: finding data on a disc image | Project1 | 14/9 | 1/10 |
2 | 10/9 | Wireless Offloading | Project2 | 28/9 | 14/9 |
3 | 17/9 | IPSec experiments | Project3 | 12/10 | 28/9 |
4 | 24/9 | Denial Of Service Attack | Project4 | 19/10 | |
5 | 6/10 | Advanced software exploitation | Project5 | 24/10 | 6/10 |
Christopher Jämthagen answers any questions regarding the projects during the following hours. Outside of these hours, he is available by e-mail. Note that the times may change.
Wednesdays: 09.30 - 11.30 and 12.30 - 13.30
Fridays: 09.30 - 11.30
Project 1: Data Forensics
The Project1 assignment can be downloaded from the following link: project1. Below you find some additional information and last-minute info. On the lab machines there is a c:\adsec directory where you find copies of the larger image files you need.
WARNING: Be careful when using the dd command on a Unix machine to create a flash drive from an image: make sure that the target you write to is indeed the flash drive device and not your system disk or another disk. dd will overwrite whatever it finds there. On the lab machines you can use a virtual image of the DEFT live CD.
Submission Instructions
The report for project 1 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se .
Deadline: Sunday 14/9, h 23.59
Objective
The objective of this project is to gain insight into how to analyse data obtained from an image data file. The problem includes learning to reconstruct the file structure from scratch, correct errors, and extract data. You will also meet different tools for extracting data.
Things you need
Part 1: Evidence File
Latex Table for your report: latex_table.txt
Part 2: Image files: flash0.E01 (7.3 MB) and flash1.E01 (39.7 MB)
For part 2, use the VM image in deft7.2.zip. You can copy the xxx.E01 files into the running DEFT virtual image by ordinary copy and paste. In case you want to boot a live CD (USB), you might have to hit F12 (repeatedly) in the early stages of the boot process to get into the boot menu, where you are able to choose to boot from CD (USB). See the details in the project assignment.
- VMware image in deft8.2.zip (recommended; also found on the lab machine server)
Extra image for those without a USB stick.
Information Links
- FAT
- General information (Wikipedia)
- Fat12 description
- Skinny on Fat
- FATFS
- FAT Whitepaper (very detailed, not easy to understand)
- DEFT 7 manual or most recent from http://www.deftlinux.net/deft-manual/
Tools
WARNING: These are 32-bit executables that may require XP compatibility mode to run properly. You can also use the DEFT image from the DEFT website (http://www.deftlinux.net/). The ISO image works. The VMware appliance that was also available from that site did not work on my VMware software.
Hex editors:
There are many hex editors that are good enough. Below you find a powerful one (not free) and a simple one (free). Others will likely do the job as well. There are good hex editors on Unix/Linux systems too.
HxD free hex editor (lacks functions of WinHex but free)
WinHex editor trial version (use this old version, as newer ones limit the number of saves; may require compatibility mode)
ZIP password recovery
Old program. The newer versions have restrictions.
Advanced ZIP Password Recovery (free/trial version)
FAT disc viewer
Results
Results are found here.
Project 2: Security in Wireless offloading
The Project2 assignment can be downloaded from the following link
Submission Instructions
The report for project 2 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se .
Deadline: Sunday 28/9, h 23.59
Objective
The objective of this project is to make you somewhat familiar with security evaluations. In the project you will study three solutions that can be used to offload an operator's mobile network through the use of Wi-Fi technology. You will work through a set of assignments that guide you through a security analysis of the three solutions.
Things you need
See assignment
Information Links
See assignment
Results
Preliminary results are here (follow link).
Project 3: IPsec configuration and test
The Project3 assignment can be downloaded from the following link: project3.
Below you find some additional information and last-minute info.
Some of you experience problems while working on Question 14 of Project 3 (IPsec). It is possible to generate the public-private key pairs outside the gateway and move them into the virtual machines, but this must be done with some care so that the existing PKI engine actually accepts them. Just placing them in the correct directory is not sufficient. You can use the existing keys and certificates, but they do not work right away, so there too you must think about how to overcome the PKI engine's restrictive policy.
On the Linux (Fedora) machines you can switch keyboard layout (to Swedish, for example) by entering the "system-config-keyboard" command and following the instructions (no restart is needed).
Submission Instructions
The report for project 3 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se .
Deadline: Sunday 12/10, h 23.59
Objective
The objective of this project is to demonstrate how to configure a Roadwarrior scenario where a user uses a PC/laptop to connect with IPsec to a corporate network gateway. You will learn how you can perform traffic analysis and how IPsec can pass a router with NAT (Network Address Translation). We also show how packet fragmentation can occur when securing a connection with IPsec.
The VMware images can be downloaded to your home computer, although they constitute a hefty 16GB download.
In case you ruin the images on your C drive, or they become corrupted, you can download fresh copies from http://distarchive.eit.lth.se/ssoa/ . Some files are several GB in size, so you need a rather good internet connection to fetch them.
Things you need
Basically everything is available on the lab computers, but since they are shared by many, the images in C:\adsec\SSL-IPSec can become corrupted.
It may be useful to look up information on traceroute for Windows and Linux in case you are not familiar with these commands.
Information Links
For more information, IPsec demos and examples, see ipseclab.eit.lth.se
Results
Preliminary results are here.
Project 4: DOS Attacks
The Project4 assignment can be downloaded using the following link project4.
Below you find some additional information and last-minute info: Use the Windows Task Manager and/or BitmeterOS to measure the network use.
If you notice problems with a crashing zombie.exe, make the executable compatible with XP Service Pack 2 (right-click on the file and choose Properties->Compatibility).
2014-10-11: Several groups reported problems with the new CC and zombie files. Use the versions CC_2013 and zombie_2013 instead, which are in the "old" directory.
Submission Instructions
The report for project 4 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se .
Deadline: Sunday 19/10, h 23.59
Objective
The objective of this project is to gain insight into Denial-of-Service attacks. Three experiments have to be performed. This project is a unique opportunity; however, the tools are potentially harmful. Use this opportunity responsibly. For the same reason, students that do this project are subject to a specific rule of conduct. See the Project assignment.
Things you need
After reading the project assignment you should read the lab manual that you find here: Lab manual
You should run this project in our lab with the reserved computers. You find all the material there in the mounted drive S: (where \\homer\lab\adsec should be mounted).
NOTE 1: Because you may need at least 4 computers for the last experiment, the number of groups that can work in parallel is limited. Again, you can use the lab computers outside the reserved slots as well, but only if no other course is using them at that time.
NOTE 2: If opening the VMware images hangs, this might be because you are opening the files in a read-only directory. Copy the files to somewhere local, e.g., C:\adsecxx, and try again. (Do not use the Desktop to place images, as files on the Desktop are part of your profile, which is loaded from a central server when you log in. Hence placing large files on the Desktop will slow down your login!!!)
Do not forget to configure your Apache with the correct port number when installing it. Otherwise you have to change it in the httpd.conf file in C:\Program Files\Apache Software Foundation\Apache2.2\conf and restart Apache. Port numbers 8080 and 1337 are open in the firewall. We recommend that you use 8080 for the Apache web server.
Information Links
- Lab Manual
- Background Reading (Thanks Franz and Johan!)
- TCPView
Results
You can find them via this link.
Project 5: Anatomy of an exploit
The description of project 5 can be downloaded using the following link.
Below
Submission Instructions
The report for project 5 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se .
Deadline: Friday 24/10, h 23.59
Objective
The objective of this project is to gain insight into how advanced exploitation of software works and how it can circumvent certain protections.
Things you need
The project assignment document includes everything necessary to get you started.
Information Links
Results