Projects
There will be five small projects and five short tests in this course. The projects are mandatory.
- Instructions
- Grouping and clustering of students
- Online tests (quizzes)
- Project assignments
- Lab assistance
Reports:
Three projects require that you submit a report and the remaining two are covered by a Moodle quiz. You should submit the reports electronically in pdf format and use the subject "EITN50" in the email that contains the report. Name the file adsecxy_projectname.pdf (xy=your group number and N=number of project) and send it to ben.smeets.lu@analys.urkund.se.
Grading of the project/lab reports is done from two perspectives. One is "Sufficiency" and the other is "Presentation". Sufficiency refers to a sufficiently correct answer to the assignments. One extreme is that you only write the bare essence without much explanation. You are then at risk that your report, from a "Presentation" point of view, lacks the information that a report should contain. The presentation should be detailed enough for others to repeat (read: verify) what you did. If these criteria are met you get a "P(ass)" mark. Sloppy reports are not accepted.
If your report needs corrections you are given a "U" mark. You can always improve a "U" mark to a "P" mark until the final deadline for the projects, currently set to 22/10. You must have a pass mark for all five projects before you can pass this course.
Project 4 grading is done differently. See project description. Deadline for project report 4 is 16/10 (first submission).
Exceptionally well performed projects and reports will be rewarded with 1 point per report, which will be added to your exam quiz results from which the final course grading will be determined. Hence the three written reports can give you at most 3 points that will be added to your quiz points.
Finally, the reports will be screened using "Urkund" for plagiarism (see: http://www.urkund.se/SE/om_urkund.asp).
Deadlines for the projects will be set as the course proceeds: consult Project assignments.
IMPORTANT: Required additions/updates to the (any!) reports should be handed in latest 22/10.
At the first lecture the group list will be passed around. Each group should enter their names on this list or send an email to Ben stating which people are in the group. A group should be two persons, except for the DDOS laboratory lesson where we form groups of 4 persons.
In project 4 the groups are clustered, with 3 (or 2) groups per cluster. The clustering is made visible by suitable colouring of the groups in the aforementioned list.
Username to log in is the group number, e.g. adsec01; the password is communicated at the first lecture.
Project work space (noted as lab in TimeEdit) is available according to the schedule in TimeEdit and will use the rooms E:4116 and E:4118 on the 4th floor of the E-building. Access is via student access cards (this requires that you are registered on the course so we can give you access). The DDOS lab is run in a different room and the schedule is found here.
NOTE 1. In TimeEdit the labspace is entered as "labb" but this is just to reserve the computers for the course.
NOTE 2. Access to the lab space is automatically activated 24 hours after we have been able to register you on the course. This requires that you a) register for the course at the latest at the first lesson, AND b) have registered for the reading period (terminsregistrerad).
There will be 5 short tests available via http://elearning.eit.lth.se/moodle/login/index.php. You need to sign up individually in the Moodle system to take these tests. From the results of these tests your final grading for this course will be computed (you can here benefit from extra points received from your project reports). You will be given a limited number of attempts in each test but are free to do the test at any time between its opening and the closing date of 29/10.
Required additions/updates to the reports (thus for all projects) should be handed in latest Oct 22. Submit reports (pdf format) to ben.smeets.lu@analys.urkund.se
Name the report in the following way "adsec##_projectname"
Project | Release date | Planned Content | Project name & link to the assignment | Deadline | Last update date |
1 | 30/8 | TPM 1.2 | TPM | report 18/9 | 2016-09-05 17:43 |
2 | 30/8 | Denial Of Service Attack | DOS | quiz during lab | 2016-09-13 14:32 |
3 | 21/9 | Data forensics: finding data on a disc image | Forensics | quiz 29/10 | 2016-09-27 16:03 |
4 | 23/9 | Trusted Camera | TrustedCamera | first report 10/10, final report 22/10 | |
5 | 7/10 | Advanced software exploitation | Exploit | report 22/10 | 2016-10-19 14:25 |
Jonathan Sönnerup answers any questions regarding the projects during the following hours. Outside of these hours, he is available by e-mail. Note that the times may change.
Office hours this week will be:
- Wednesday 13.00-14.00
- Thursday 13.30-14.30
You'll find me in my office, 3119b.
Data Forensics
The project assignment can be downloaded from the following link: Forensics. Below you find some additional information and last minute info. On the lab machines there is a c:\adsec directory where you find copies of the larger image files you need.
WARNING: Be careful when using the dd command on a Unix machine to create a flash drive from an image: make sure that the target you write to is indeed the flash drive device and not your system disk or another disk. dd will overwrite whatever it finds there. On the lab machines you can use a virtual image of the deft live-cd.
Submission Instructions
This project is examined not via report but via an individual moodle quiz.
Note that when answering in hexadecimal, in the quiz, you shall include "0x".
Deadline: during lab.
Objective
The objective of this project is to gain insight into how to analyse data obtained from an image data file. The problem includes learning to reconstruct the file structure from scratch, to correct errors, and to extract data. You will also meet different tools to extract data.
Things you need
Part 1: Evidence File
Part 2: Image files: flash0.E01 (7.3MB) and flash1.E01 (39,7 MB)
For part 2, use the VM image in deft7.2.zip. You can copy the xxx.E01 files into the running deft virtual image by ordinary copy and paste. In case you want to boot a live CD (USB), you might have to hit F12 (repeatedly) in the early stages of the boot process to get into the boot menu, where you are able to choose to boot from CD (USB). See the details in the project assignment.
- VMware image in deft8.2.zip (recommended and is also found on the LAB machine server)
extra image for those without usb stick.
Information Links
Primary sources:
- Fat12 description
- Fat Whitepaper (Read the sections "Boot Sector and BPB" and "FAT Directory Structure")
Other sources:
- FAT
- General information (Wikipedia)
- Skinny on Fat
- FATFS
- DEFT 7 manual or most recent from http://www.deftlinux.net/deft-manual/
Tools
WARNING: These are 32-bit executables that may require XP compatibility mode to run properly. You can also use the deft image from the deft website (http://www.deftlinux.net/). The iso image works. The vmware appliance that was also available from that site did not work on my VMware software.
Hex editors:
There are many hex editors that are good enough. Below you find a powerful one (but not free) and a simple one (free). Others will likely do the job as well. There are good hex editors on Unix/Linux systems too.
HxD free hex editor (lacks functions of WinHex but free)
WinHex editor trial version. (Use this old version, as newer ones limit the number of saves; it may require compatibility mode.)
ZIP password recovery
Old program. The newer versions have restrictions.
Advanced ZIP Password Recovery (free/trial version)
FAT disc viewer
Results
Project results are not here.
DOS Attacks
The project assignment can be downloaded using the following link: DDOS.
Below you find some additional information and last minute info: Use the Windows TaskManager and/or BitmeterOS to measure the network use.
When selecting the interface, on some computers the program does not pick the interface (e.g. Realtek) that you selected on the command line. It seems that using the option -d 0 and then selecting the device interactively works, but if the next time you pass the interface number shown in the output directly, that is, you use -d n, you do not get that interface but the next one. Note that this means that to select interface number 1 you would have to enter -d 0, but -d 0 means that you want to select the device interactively.
If you notice problems with a crashing zombie.exe, make the executable compatible with XP with Service Pack 2 (right click on the file and choose Properties->Compatibility).
Submission Instructions
This project is examined not via report but via an individual moodle quiz.
Deadline: during lab
Objective
The objective of this project is to gain insight into Denial-of-Service attacks. Three experiments have to be performed. This project is a unique opportunity; however, the tools are potentially harmful. Use this opportunity responsibly. For the same reason, students that do this project are subject to a specific rule of conduct. See the Project assignment.
Things you need
After reading the project assignment you should read the lab manual that you find here: Lab manual.
You should run this project in our lab with the reserved computers. You find all the material there in the mounted drive S: (where \\homer\lab\adsec should be mounted).
NOTE 1: Because you may need at least 4 computers for the last experiment, the number of groups that can work in parallel is limited. Again, you can use the lab computers outside the reserved slots as well, but only if no other course is using them at that time.
NOTE 2: If opening the VMWare images hangs, this might be because you are opening the files in a read-only directory. Copy the files to somewhere local, e.g., C:\adsecxx, and try again. (Do not use the Desktop to place images, as files on the Desktop are part of your profile, which is loaded from a central server when you log in. Hence placing large files on the Desktop will slow down your login!)
Do not forget to configure your Apache with the correct port number when installing it. Otherwise you have to change it in the httpd.conf file in C:\Program Files\Apache Software Foundation\Apache2.2\conf and restart Apache. Port numbers 8080 and 1337 are open in the firewall. We recommend that you use 8080 for the Apache web server.
Information Links
- Lab Manual (directories that are used here may have been renamed)
- Background Reading (Thanks Franz and Johan!)
- TCPView
Results
You cannot find them via this link.
Trusted Platform Module 1.2
The project assignment can be downloaded from the following link: TPM.
Ignore any instruction to install trousers. On the TSS machine everything is ready for use. Installing is possible but only needed if you want to do the project in your own environment.
When running the quote command use the -v option to see the signature.
Submission Instructions
Project report (named adsecxy_tpm.pdf, where xy=your group number) should be sent electronically (in pdf) to ben.smeets.lu@analys.urkund.se.
Deadline: Sunday 18/9, h 23.59
Objective
The objective of this project is to become familiar with Trusted Computing technology. We use a TPM v1.2 emulator to perform some experiments and write a simple application program.
Things you need
The software you need is placed in three VirtualBox images. These are located in the PROJ3 directory of the S: drive on your lab machine.
It is important that you read the project description before you start. It may be useful to have glanced through the TPM command spec (see below).
Information Links
The TCG specifications for TPM v1.2 can be found here: specs.
Results
Preliminary results are here.
Trusted Camera
This is a design project in which your group has to design a trusted surveillance camera; see the link to the Project description.
In your design you have to consider several requirements, ranging from production and operation to service/repair. Users of the camera must be sure that the images or video feeds they receive are indeed coming from the correct camera. You have to secure the product against various kinds of attacks. Of course you have to think about costs here. You also have to consider how you can convince professional users that they can trust your product.
Your group will produce and hand in three deliverables:
- A written report
- Two reviews of reports from two other groups
- Updated version of your report + appendix
Use the review of the other groups to improve your first report.
Submission Instructions
Report and material of the Camera Project can be sent electronically (in pdf). See project description for the details.
One person in the group is called below the group contact. It will be the first person listed per group on the group list. Email addresses to be used will be sent to each group contact.
There are three important dates:
- Latest 2016-10-10: Distribute your report to your reviewers, cc to Ben. (group contact)
- Latest 2016-10-15: Send reviews you wrote to the groups that sent their report to you. (group contact)
- Latest 2016-10-22: Mail second report bundle to Ben. (group contact)
Note 1: The deadlines in the project description are subject to late changes, so always check the course home page.
Objective
The objective of this project is to train security thinking around a product that requires explicit trust assurance. By documenting the design and the applied reasoning and by analyzing other constructions you will get an insight into ways of working. Analysis is done by critical analysis of each other's reports.
Things you need
After reading the project assignment you should a) do the practical planning for the presentations and b) very quickly come to a basic concept so you can start searching for relevant material. The course literature and project reference list give some useful links but you are not limited to these. In fact you will likely need additional information.
Link to system picture (Figure 1)
Information Links
Look in the course literature list. But you will likely need to look for additional information on topics related to your design choices.
Results
You can find them via this link.
Anatomy of an exploit
The description of the reverse engineering project can be downloaded using the following link.
Below
Submission Instructions
The project report (named adsecxy_exploit.pdf, where xy=your group number) should be sent electronically (in pdf) to ben.smeets.lu@analys.urkund.se.
Deadline: during lab.
Objective
The objective of this project is to gain insight into how advanced exploitation of software works and how it can circumvent certain protections.
Things you need
The project assignment document includes everything necessary to get you started.
Information Links
Some notes on x86 assembly and reverse engineering that might be helpful (work in progress):
Notes on Reverse Engineering
Results
are not yet here