24 Jul 2024 Web application fuzzing (optional)
Fuzzing a Web application’s endpoints using ffuf.
The course will have (up to) eight hands-on practical sessions in the lab. In these labs, we’ll use practical tools to explore software, hosts, networks and the Web with a view to both attack and defence.
Playing with a couple of common tools used by network defenders and attackers.
An opportunity to play with root privilege and try out practical password cracking tools.
An opportunity to play with practical cryptography and see how easy it is to encrypt all of a user’s files.
Practical exploitation of a vulnerable binary using integer arithmetic and return-oriented programming.
More exploration of low-level software basics: debugging in hard mode and (a very little bit of) tampering.
A reminder and exploration of low-level software basics: building and debugging (in "easy mode", i.e., with debugging symbols).
A guide to my expectations for lab reports that you submit in this course.