SNI makes it possible to share a single IP address among several virtual hosts using TLS encryption. But this leaks some information about the website's domain name. Provide a proof of concept of a sniffer which prints the website's domain name, for instance when connected to a wifi network.
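The leak exists because the server_name extension of the TLS ClientHello is sent before any encryption is negotiated, so anyone on the path (a shared wifi network, for instance) can read it. The following added example, which is not part of the original page, shows the parsing step such a proof of concept needs: it extracts the hostname from a raw TLS record. Live packet capture is out of scope here, so the ClientHello is constructed in-line by a helper (`build_client_hello`, an assumption of this example) instead of being read from the network.

```python
import struct


def build_client_hello(hostname: bytes) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying an SNI extension.
    This is a constructed sample standing in for a captured packet."""
    # ServerName entry: name_type host_name (0), 2-byte length, the name itself
    sni_name = b"\x00" + struct.pack("!H", len(hostname)) + hostname
    sni_list = struct.pack("!H", len(sni_name)) + sni_name
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"            # client_version: TLS 1.2
        + bytes(32)            # client random (zeros in this sample)
        + b"\x00"              # session_id length 0
        + b"\x00\x02\xc0\x2f"  # cipher_suites: one suite
        + b"\x01\x00"          # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def extract_sni(record: bytes):
    """Return the hostname carried in the SNI extension of a ClientHello, or None.
    Every length field is bounds-checked so malformed input cannot raise."""
    if len(record) < 5 or record[0] != 0x16:          # not a TLS handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                   # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                       # skip version and random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                               # skip session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # skip cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                               # skip compression_methods
    if len(body) < pos + 2:
        return None
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        ext_type, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if ext_type == 0 and len(data) >= 5:
            # ServerNameList: 2-byte list length, then entries of type(1) length(2) name
            lpos = 2
            while lpos + 3 <= len(data):
                ntype = data[lpos]
                nlen = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
                lpos += 3
                name = data[lpos:lpos + nlen]
                lpos += nlen
                if ntype == 0:
                    return name.decode("ascii", errors="replace")
    return None


def sniff(records):
    """Apply extract_sni to a sequence of captured payloads and keep the hostnames found."""
    return [h for h in (extract_sni(r) for r in records) if h is not None]


if __name__ == "__main__":
    # Constructed "capture": one ClientHello and one plaintext HTTP request
    sample = [build_client_hello(b"example.com"), b"GET / HTTP/1.1\r\n"]
    for host in sniff(sample):
        print("SNI observed:", host)
```

Feeding the same function the payload of every TCP segment captured on port 443 (with a pcap library, for example) is all that is missing for a working sniffer; the parser itself is the part worth getting right, and the bounds checks matter because the input is untrusted.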
It is really simple to create a keylogger for X11 systems using built-in tools. But if you want to remove the dependency, you have to write your own program to perform the hook on X11.
Provide a proof of concept of two-factor authentication for ssh. For instance, send an email or an SMS with an additional code to provide at login.
Provide a program to infect an executable (ELF, PE, Mach-O, your choice) to inject a payload in the entry point.
For instance, xor the packed code with 42 before running :)
Needs to be automated for various operations, including cert revocation. Could be used to implement client authentication over https or VPN. This would make a great free software tool!
Learn about reverse engineering, vulnerability hunting or web exploitation with the MS team.
http://blogs.technet.com/b/srd/archive/2013/07/31/the-bluehat-challenge.aspx
Microcorruption is an embedded security game made to learn the basics of reverse engineering and debugging.
Try to understand a real world software vulnerability in a high profile target and develop an actual exploit for it!
Some vulnerabilities and targets are easier to attack than others. Just ask if you need any advice!
If you want to learn about computer exploits, you can do something easier: learn the very basics of exploitation by following this tutorial. https://www.corelan.be/index.php/articles/
Sandboxes can be used to isolate processes. This is the case in well-protected software such as the Chrome browser. If an attacker manages to pwn a browser process, they then have to escape the sandbox in order to take control of the actual computer.
There are a lot of papers on the topic, such as:
https://www.cr0.org/paper/jt-ce-sid_linux.pdf
https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-WP.pdf
Learn about the nitty gritty of a specific malware. You can follow tutorials such as:
http://fumalwareanalysis.blogspot.fr/p/malware-analysis-tutorials-reverse.html
You can also simply learn from books such as “Practical Reverse Engineering” (highly recommended) or “Practical Malware Analysis”.
Wondering how software is protected? You could learn about obfuscation. Some of these techniques include:
Learn how to defeat OLLVM obfuscation and practice it!
http://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html
Analyze a crackme in order to be able to make a keygen for it. http://beatrix2004.free.fr/YO1/index.html
Read the book “Practical Reverse Engineering” and implement one of the obfuscation schemes explained in it.
http://llvm.org/
https://github.com/obfuscator-llvm/obfuscator/wiki
http://0vercl0k.tuxfamily.org/bl0g/?p=260
Take a video game you own and try to make a keygen for it.
Implement your own ring0 rootkit.
Read the book “Rootkit Arsenal”.
Who said it is wrong to cheat? :) https://www.blackhat.com/eu-14/briefings.html#next-level-cheating-and-leveling-up-mitigations
If you think pwning Internet Explorer is easy, then go ahead and escape its sandbox.
http://www.contextis.com/documents/79/IE_Sandbox_Escapes_Presentation.pdf
Study some known cases of guest-to-host exploits for VirtualBox or Xen.
Jonathan Salwan offers to mentor any student interested in this topic. http://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/
Jonathan Salwan offers to mentor any student interested in this topic. http://shell-storm.org/blog/Stack-and-heap-overflow-detection-at-runtime-via-behavior-analysis-and-PIN
Try to implement a basic debugger and make it circumvent a few anti-debugging tricks.