New this year, the course will have (up to) eight hands-on practical sessions in the lab. In these labs, we’ll use practical tools to explore software, hosts, networks and the Web with a view to both attack and defence.

28 Jul 2022 Web application fuzzing

Fuzzing a Web application’s endpoints using ffuf.

13 Jul 2022 Network security

Playing with a couple of common tools used by network defenders and attackers.

6 Jul 2022 Ransomware

An opportunity to play with practical cryptography and see how easy it is to encrypt all of a user’s files.

16 Jun 2022 sudo and passwords

An opportunity to play with root privilege and try out practical password cracking tools.

2 Jun 2022 Software exploitation

Practical exploitation of a vulnerable binary using integer arithmetic and return-oriented programming.

19 May 2022 Software

A reminder and exploration of low-level software basics: building, debugging, exploring and (a very little bit of) tampering.

18 May 2022 Lab reports

A guide to my expectations for lab reports that you submit in this course.