Dear All,

You are receiving this message because you expressed interest in a reading or research course this term. For now, I will keep the systems and the network lists together, to let you determine your interests; I will probably separate them as we progress.

-----[ Systems ]-----

For systems readings, we will work through a series of original hacker articles on exploiting typical OS mechanisms. Reading alone will not be enough: you will be expected to reproduce vulnerable environments and exploit them. Please prepare to use multiple Linux virtual machines and to use Debian's debootstrap environment as a lower-cost virtualization measure. We will need these because, since the time the original vulnerabilities were published, operating systems took measures to break the respective exploitation mechanisms, such as DEP, ASLR, etc.

We will start with classic memory corruption exploits. To put their history in perspective, please read

http://media.blackhat.com/bh-us-10/whitepapers/Meer/BlackHat-USA-2010-Meer-History-of-Memory-Corruption-Attacks-wp.pdf
http://www.cs.berkeley.edu/~dawnsong/papers/Oakland13-SoK-CR.pdf

(the former is an industry take on the topic, the latter is academic). Then read through

http://phrack.org/issues/49/14.html
http://phrack.org/issues/58/4.html
http://phrack.org/issues/57/9.html
http://phrack.org/issues/61/6.html

Next week we will practice setting up intentionally vulnerable environments in which to practice these attacks.

If you are not sure how to read binary code, please supplement your reading for the week with http://beginners.re/ , a free book that explains what binary build chains produce. As usual, have your own disassembler ready. You can skip non-x86 examples, unless you plan to work on Android or Chromebooks.

------[ Networking ]------

We will start with the basics of network intrusion detection. Stephen Northcutt et al.'s "Network Intrusion Detection" books are a great introduction to the topic. You can buy used copies on Amazon for almost the cost of shipping (or look for electronic copies). Read Parts I & II if you haven't already.

Scapy http://www.secdev.org/projects/scapy/ is going to be our primary tool. Docs: http://www.secdev.org/projects/scapy/doc/

We will start with practical NIDS evasion:

https://sparrow.ece.cmu.edu/group/731-s08/readings/ptacek-newsham.pdf
http://www.symantec.com/connect/articles/evading-nids-revisited

and the packet path in Linux:

http://www.hsnlab.hu/twiki/pub/Targyak/Mar11Cikkek/Network_stack.pdf
http://vger.kernel.org/~davem/skb.html
https://datatag.web.cern.ch/datatag/papers/tr-datatag-2004-1.pdf

(Another great source on this is the "Understanding Linux Networking Internals" book -- used copies or electronic ones should be affordable -- but it's a very long book that you will likely only read a chapter at a time.)

Thank you,
--Sergey
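The NIDS-evasion readings above (Ptacek & Newsham, and the "evading NIDS revisited" article) turn on one observation: when two TCP segments carry different bytes for the same sequence range, the sensor and the end host may resolve the overlap differently, so the sensor reassembles a harmless stream while the host reassembles the real one. The following is an added, self-contained illustration of that ambiguity; it is not code from the course, from the papers, or from Scapy. It models only two reassembly policies ("first byte wins" and "last byte wins"; real stacks use finer-grained rules depending on how the overlap is aligned), works on hand-constructed segments rather than live packets, and the `/etc/shadow` signature and `Segment` type are assumptions made for the example.

```python
"""Overlapping TCP segments and NIDS evasion (added illustration).

A sensor that favours the first-received bytes for an overlapping range
and a host that favours the last-received bytes (or vice versa) will
reconstruct different streams from the same packets.  An attacker who
knows the host's policy orders a decoy and the real payload so that the
host keeps the real one and the sensor keeps the decoy.
"""

from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Segment:
    seq: int      # relative sequence number of the first payload byte
    data: bytes   # payload bytes


def reassemble(segments: Iterable[Segment], policy: str) -> bytes:
    """Reassemble segments in arrival order under one overlap policy.

    'first': bytes already received for an offset win; later data ignored.
    'last':  later data overwrites whatever was received earlier.
    Only the contiguous prefix starting at offset 0 is delivered.
    """
    buf: Dict[int, int] = {}
    for seg in segments:
        for i, b in enumerate(seg.data):
            off = seg.seq + i
            if policy == "first":
                buf.setdefault(off, b)
            elif policy == "last":
                buf[off] = b
            else:
                raise ValueError(f"unknown policy {policy!r}")
    out = bytearray()
    off = 0
    while off in buf:          # stop at the first hole
        out.append(buf[off])
        off += 1
    return bytes(out)


def conflicting_offsets(segments: Iterable[Segment]) -> Set[int]:
    """Offsets where two segments disagree about the byte value.

    A careful sensor alerts on these instead of silently picking a
    policy: legitimate retransmissions repeat the same bytes.
    """
    seen: Dict[int, int] = {}
    conflicts: Set[int] = set()
    for seg in segments:
        for i, b in enumerate(seg.data):
            off = seg.seq + i
            if off in seen and seen[off] != b:
                conflicts.add(off)
            seen.setdefault(off, b)
    return conflicts


SIGNATURE = b"/etc/shadow"   # assumed sensor signature for the example


def evasion_succeeds(segments: List[Segment],
                     sensor_policy: str, host_policy: str) -> bool:
    """True if the host sees the signature but the sensor does not."""
    host_sees = SIGNATURE in reassemble(segments, host_policy)
    sensor_sees = SIGNATURE in reassemble(segments, sensor_policy)
    return host_sees and not sensor_sees


def craft_evasion(host_policy: str) -> List[Segment]:
    """Order decoy and real payload so the host keeps the real bytes."""
    prefix = Segment(0, b"cat /etc/")
    decoy = Segment(9, b"hosts\n\n")    # same length, same range
    real = Segment(9, b"shadow\n")
    if host_policy == "last":
        return [prefix, decoy, real]    # real arrives second, host keeps it
    return [prefix, real, decoy]        # real arrives first, host keeps it


# Constructed sample: decoy first, real payload second (targets a 'last' host).
ATTACK = craft_evasion("last")

if __name__ == "__main__":
    for pol in ("first", "last"):
        print(f"{pol:5}: {reassemble(ATTACK, pol)!r}")
    print("evasion vs first-policy sensor:",
          evasion_succeeds(ATTACK, "first", "last"))
    print("conflicting offsets:", sorted(conflicting_offsets(ATTACK)))
```

Run it and the two policies yield `cat /etc/hosts` and `cat /etc/shadow` from the very same three segments; the sensor that reassembles "first" sees nothing to alert on while the host executes the real command. `conflicting_offsets` shows the cheap countermeasure: inconsistent data in an overlap is itself the anomaly, and a sensor that reports it (or reassembles under the target's known policy, as the "revisited" article discusses) is not fooled by ordering tricks.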