Outils pour utilisateurs

Outils du site


wiki:projectlist

Isolation strengh provided by Containers ?

  • How confident can we be about the isolation provided by containers? (lxc for instance)
  • One idea would be to insert a kernel module in an LXC container, which tries to override the interrupt vector, to get ring 0 privilege on the host.

Revealing websites domain names over HTTPS

SNI makes possible to share a single IP address with several virtualhosts using TLS encryption. But this leaks some information about the website's domain name. Provide a proof of concept of a sniffer which prints website's domain name when connected on a wifi network for instance.

X11 keylogger

It is really simple to create a keylogger for X11 systems using builtin tools. But if you want to remove the dependency, you have to write your own program to perform the hook on X11.

  • Write a generic keylogger (no hardcoded keymap) which sends the keystrokes over network.
  • How stealth is it?
  • Can you hide the network frames?

Two-factor authentication for SSH

Provide a proof of concept of a two factor authentication of ssh. For instance, send an email or an SMS with an additionnal code to provide at login.

Infecting executable

Provide a program to infect an executable (elf, pe, omach, your choice) to inject a payload in the entry point.

Create a simple packer

For instance, xor the packed code with 42 before running :)

Setup a PKI

Need to be automatised for various operations, including cert revokation. Could be used to implement client authentication over https or VPN. This would make a great free software tool!

Bluehat challenge

Learn about reverse engineering, vulnerability hunting or web exploitation with the MS team.

http://blogs.technet.com/b/srd/archive/2013/07/31/the-bluehat-challenge.aspx

Microcorruption wargame

Microcorruption is an embedded security game made to learn the basics of reverse engineering and debugging.

https://microcorruption.com/

Study and exploit a public vulnerability

Try to understand a real world software vulnerability in a high profile target and develop an actual exploit for it!

Some vulnerabilities and targets are easier to attack than others. Just ask if you need any advice!

Exploit writing 101

If you want to learn about computer exploits, you can do something easier : learn the very basics of exploitation by following this tutorial. https://www.corelan.be/index.php/articles/

Implement a software sandbox for isolation

Sandboxes can be used to isolate processes. This is the case in good protected softwares such as chrome browser. If an attack manages to pwn a browser process, he then has to escape the sandbox in order to take control of the actual computer.

There are a lot of papers on the topic such as :

https://www.cr0.org/paper/jt-ce-sid_linux.pdf https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-WP.pdf

Malware analysis

Learn about the nitty gritty of a specific malware. You can follow tutorials such as:

http://fumalwareanalysis.blogspot.fr/p/malware-analysis-tutorials-reverse.html

You can also simply learn from books such as “Pratical Reverse Engineering” (highly recommended) or “Practical malware analysis”.

Learn about software DRM & obfuscation

Wondering how softwares are protected? You could learn about obfuscation. Some of these techniques include :

  • code virtualization
  • code flattening
  • whitebox cryptography
  • instruction substituion, mixed boolean arithmetic
  • opaque predicates

http://www.quarkslab.com/dl/SSTIC2014-Article-dsobfuscation-de-drm-par-attaques-auxiliaires-mougey-gabriel.pdf

Deobfuscation with miasm

Learn how to defeat OLLVM obfuscation and practice it!

http://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html

Learn about program slicing for software deobfuscation

Analyze a crackme in order to be able to make a keygen for it. http://beatrix2004.free.fr/YO1/index.html

Implement a simple obfuscation scheme with LLVM

Read the book “practical reverse engineering” and implement one of the obfuscation schemes explained in it.

http://llvm.org/ https://github.com/obfuscator-llvm/obfuscator/wiki http://0vercl0k.tuxfamily.org/bl0g/?p=260

Crack a video game

Take a video game you own and try to make a keygen for it.

Develop your own rootkit

Implement your own ring0 rootkit.

Read the book “rootkit arsenal”.

Pwn crackmes from crackmes.de

Make a cheat for a video game

Escape the IE11 sandbox

If you think pwning internet explorer is easy, then go ahead an escape its sandbox.

http://www.contextis.com/documents/79/IE_Sandbox_Escapes_Presentation.pdf

Take a red pill and escape the matrix

Study some know cases of guest-to-host exploits for VirtualBox or Xen.

Dynamic binary analysis and instrumentation

Jonathan Salwan offers to mentor any student interested by this topic. http://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/

Runtine buffer overflow detection with a pin based behavior analysis

Jonathan Salwan offers to mentor any student interested by this topic. http://shell-storm.org/blog/Stack-and-heap-overflow-detection-at-runtime-via-behavior-analysis-and-PIN

Implement a stealth debugger

Try to implement a basic debugger and make it circumvent a few anti-debugging tricks.

wiki/projectlist.txt · Dernière modification: 2014/12/09 20:22 par x86