Supplementary Material
Lesson 1
1.1: Welcome
- Hackerman's Tutorial, to motivate you to be a hacker
- Kung Fury movie
1.2: Vulnerabilities
- The origin of the term "computer bug"
- Further reading on SQL injection
- More sophisticated and low-level examples of command injection
- A slide deck on shellshock, a famous injection vulnerability
- Further reading on buffer overflow: Smashing the Stack for Fun and Profit
- Another example of an implementation vulnerability
- On social engineering, by Imperva
- Fun TED talk: This is What Happens When You Reply to Spam Email
- Original article about the WinRAR name spoofing vulnerability
- Another example of an integradion vulnerability
- World's first computer bug
1.3: Exploits
- Wikileaks' publication on Vault 7
- John Oliver on Government Surveillance
- Citizen Four movie on Edward Snowden
- Zero Days movie - a documentary focused on Stuxnet, a piece of self-replicating computer malware that was unleashed to destroy a key part of an Iranian nuclear facility
- Google's Project Zero
- Microsoft's Bug Bounty Program
- TED Talk: Facebook's Role in Brexit
1.4: Meltdown
- Acoustic Cryptanalysis
- TED Talk: See Invisible Motion, Hear Silent Sounds
- Meltdown and Spectre whitepaper
- Vox on Metldown
Lesson 2
2.1: Overview
2.2: Breaking Ciphers
2.3: XOR-Based Ciphers
- WEP's weak security Wikipedia Page
- "RC4" Wikipedia Page
- Fluhrer, Mantin and Shamir paper showing RC4 in WEP to be vulnerable
- WEPcrack
- Aircrak
2.4: Block Ciphers
- Explanation of AES as a comic strip (pretty accurate)
- "DES" Wikipedia Page
- "AES" Wikipedia Page
Lesson 3
3.2: What is a Hash Function?
Lesson 4
4.2: Something You Know
- Reviews of the Best USB Keyloggers
- "Mirai" Wikipedia page
- Example for use of a default password
- Tips for choosing passwords in a cartoon
- "Pass The Hash" Wikipedia page
4.3: Something You Have
4.4: Something You Are
Lesson 5
5.2: Buffer Overflow
- OWASP's description of Buffer Overflows
- C Programming Language, 2nd Edition
- A good book on hacking: The Shellcoder's Handbook: Discovering and Exploiting Security Holes
5.2: Variable Overflow
5.3: Stack Overflow
- Aleph 1's original paper: Smashing The Stack For Fun And Profit
- A tutorial on implementing stack overflow on a linux system
- An in-depth demo of a buffer overflow implementation
5.3: Control Hijacking
5.3: Canaries and DEP
- On sentinal species, like canaries
- Stack Smashing Protection: on the implementation of canaries
- On the different kinds of canaries
5.4: Return to Libc
Lesson 6
6.2: Local Area Networks - Wifi and Ethernet
- Wireshark is a widely-used network protocol analyzer. It lets you see what’s happening on your network and analyize transmited packets.
- Documentation for scapy, a convenient and powerful python package for packet manipulation
6.3: The Internet Protocol (IP)
- On IPv6 - The IP protocol described in the course is IPv4, and it uses 32-bit addresses. A replacement protocol, called version 6, or IPv6 for short, is slowly being deployed, and uses 128-bit addresses. IPv6 is the long-term solution to the shortage in IP addresses
- Tracking the rate of IPv6 deployment - IPv6 is being deployed since the early 2000's. Check it's deployment progress.
6.5: The Domain Name System (DNS)
- DNS over HTTPS (DoH) - A recent proposal to secure the DNS protocol by encrypting the communicvation between the DNS resolver and the DNS servers, through the HTTPS protocol
- DNS Poisoning - A report on DNS hijacking
- DNSSEC (DNS SECurity) - One of the proposals to introduce cryptography into the DNS system
Lesson 7
7.2 Diffie-Hellman Key Exchange
- Diffie & Hellman's original 1976 paper
- A nice visual analogy of one directional functions like the Diffie Hellman Key Exchange
- Recomended legths of cryptographic keys
7.3 Public-Key Encryption - RSA
- Rivest, Shamir and Adelman's original 1977 paper
- "Primality test" Wikipedia page
- "RSA Algorithm" Wikipedia page
- On primality testing (actually: testing for compositeness)
- On how to solve the modular equation e*d=1 (mod phi) - using the extended Euclid algorithm
- The release notes of the team that factored the biggest number n yet (November 2019)
- On the common attacks against plain RSA
- OAEP: Optimal asymmetric encryption padding
7.5 Message Authentication Codes - HMAC
7 General
- CyberChef: a web toolkit for hundreds of cryptographic components, released to the public by GCHQ
Lesson 8
8.1: Introduction to the Web
- History of the web
- What Is The Difference Between A URI And A URL?
- HTTP RFC
- W3School's web tutorials
- HTTP cookies explained
8.2: Clients Attacking Servers
8.3: Servers Attacking Clients
8.4: Clients Attacking Clients
8.5: HTTPS
Lesson 9
9.1: An Introduction to Computer Viruses
- Creeper and Reaper
- Core Wars
- Elk Cloner: the 30-year-old prank that became the first computer virus
- The Morris Worm
- Little Black Book of Computer Viruses
- Finding and removing backdoors
- The Great Hack
- The WannaCry Ransomware
- And tracker on Twitter
- Tracking GhostNet
- Zero Days: a movie about Stuxnet and other APTs
9.2: The Battlegrounds
- Antivirus evasion techniques
- Evading anti-viruses with Python
- Metamorphic and polymorphic malware
- Injecting code with ptrace
9.3: Recursive Paranoia
- Ken Thompson's original paper: Reflections on trusting trust
- A short overview of computer virology