Things discussed or mentioned during classes

From Inforail
  • Network architecture, network stack
    • Passing the message from one layer to another, adding headers or tails to a message
  • Protocols
  • Noise, sources of noise
  • Error detection
    • Checksum
    • Parity bit
  • Types of modulation
    • RZ, NRZ
    • Self-clocking
    • Bit slipping


  • Taxonomy of networks
    • By size, PAN, LAN, MAN, WAN; "internet" vs "Internet"
  • Network topologies
    • Bus, ring, star, mesh
  • Broadcast, multicast, unicast
  • Switched channels
    • Circuit switched, packet switched, message switched


The UDP protocol

  • UDP datagram header
  • Connectionless (not connection-oriented) protocol
  • UDP ports


The TCP protocol

  • The cost of reliability
  • TCP header
  • Connection-oriented protocol
  • TCP ports
  • The three-way handshake


The IPv4 protocol

  • IPv4 header
  • Evil bit [1]


  • IP address
  • Class of IP addresses
  • Running out of IP addresses
  • Subnetworks
  • CIDR notation
  • Determining the network address and the broadcast address


  • NAT
  • Port forwarding
  • What is happening inside a router
  • Gateway
  • Shannon's channel capacity
  • Signal to noise ratio (SNR)
  • Capacity, bandwidth
  • Baud rate




  • Error detection and correction
  • Compression algorithms
    • Shannon compression method
    • Huffman method
  • Hamming encoding


  • Computer security
  • Worm, Virus, Trojan
  • Objectives of computer security
  • Attack vector


  • Things that make computerized attacks more dangerous
    • automation
    • remote action
    • technique propagation
  • Different approaches in computer security
    • security reuse
    • security through obscurity
    • over-engineering
    • compartmentalization
    • need-to-know
    • choke point
    • surveillance
  • Security in depth
  • The security model of an OS
  • Primitives of computer security (ciphers/encryption, one-way hashes, MACs)
    • Hashes; tamper-evident vs tamper-resistant
    • MAC (message authentication codes)
    • Encryption
      • Shift cipher
      • Transposition cipher
      • Symmetric cipher
      • Asymmetric cipher


  • Digital signatures
  • PKI
  • CA, CA chains, root CA
  • Block ciphers
  • Stream ciphers
  • Randomizers, pseudo-randomizers, sources of random data, determinism vs non-determinism
  • Key lengths
  • Kerckhoffs' principle [2]


  • Zero knowledge password proof [3]
  • Security in networks
  • Firewall
    • hardware vs software
    • the differences between firewalls operating at different layers, application layer firewall
  • Port scanner
  • Vulnerability scanner
  • Blacklisting vs Whitelisting
  • Proxy server
    • Content filtering/processing
  • NAT in the context of network security





  • Computer security from the perspective of a programmer
  • Errors that lead to vulnerabilities
    • Reduce error count by minimizing the scope and lifetime of a variable
    • Incorrect memory management
      • mixing new/free and malloc/delete
      • calling free twice on the same pointer
      • solutions: smart pointers, higher level languages
    • Unsafe string handling
      • use the _s functions
      • STL, or other libraries that do the work for you
      • use a language that provides easy ways to manipulate strings
    • Memory leaks
    • Buffer overflows
    • Forgetting to initialize a randomizer with a seed
    • Uninitialized variables
    • Not checking the results returned by functions
    • Trusting user input
      • Not verifying the command executed by 'system'
      • SQL injections
    • Integer overflows
    • Floating point math
    • Clear memory that contains sensitive data before freeing it (memset, ZeroMemory, SecureZeroMemory)
  • File system ACLs
  • Jail, chroot
  • SELinux

Other materials:


  • Errors that lead to vulnerabilities, continued
    • hardcoded passwords
    • unchanged default passwords
  • Letting a user in:
    • Identification - who are you?
    • Authentication - is that really you?
    • Authorization - you're in, you can use the system within these constraints
  • Biometry
    • types of scanners
    • approaches to fooling a biometric scanner
    • why biometrics are good for identification but not for authentication
  • Multiple factors of authentication
  • Sandbox
  • Honeypot
  • Virtual machines for isolated tests
  • Attack tree
  • A system is only as secure as its weakest link
  • Rainbow tables
  • The importance of backups
    • Automated
    • Regular
    • Verified
    • Stored in a safe place

Things to cover

  • HTTP/2 and comparison with HTTP
  • Websockets
  • MQTT
  • AMQP
  • Digital forensics
  • Timing attacks
  • Reading an uninitialized memory location as a "feature" (expecting it to supply random data); someone later "fixed" the trick, thinking it was a bug, because no comment said it was intentional. Conversely, the memory may be filled with a known pattern (e.g. by a debug allocator), so relying on it is still a bug.
  • Port knocking
  • Homograph attacks (phishing)
  • /biteme0x80 0x80 0x80 0x80 0x80 0x80 (backspaces in directory name to hide it from ls)


Lab 1, 12.Feb

  • BSD sockets API
  • Client-server applications
  • Using Telnet to "talk" to a server by sending raw commands
  • Ephemeral ports
    • How a new port is allocated when a connection is accepted
    • Ephemeral port ranges on different systems
  • Denial of Service

Lab 2, x.Feb

  • Wake on LAN, magic packet
  • UDP datagram
  • Broadcast
  • HTTP
  • RFC (read the description of HTTP)
  • Resuming a broken download
  • Network sniffer (see how an existing download manager works)

Lab 3, 6.Mar

  • Writing a simple network sniffer
  • Wireshark (formerly Ethereal)
  • IPv4 header
  • Raw sockets
  • Parsing raw data

Lab 4, 19.Mar

  • Reverse engineering a network protocol
  • Using a network sniffer
  • Analyzing a protocol and writing a compatible client with extended features
  • Exploiting the insecurity of a design
  • Spoofing a message

Lab 5, 23(?).Apr

  • Implement a shift cipher
  • Write a program that cracks a shift cipher without human intervention (if it is known that the text is in English)
    • by analyzing the frequency of characters in a text
    • or using a dictionary
  • Implement a transposition cipher
  • Padding a message, choosing what to pad it with

Lab 6, 30.Apr

  • Implement Diffie-Hellman key exchange
  • Integer types, arbitrary-precision arithmetic libraries