Attack and Tool Presentation
Guidelines
This is an individual task. Each student is required to find a concrete
network attack/vulnerability/exploit
or a security tool to present in class --- avoid overlap with (1) papers
we will read (2) projects that will reimplement the same attack. The duration of presentation is
8 mins.
Note that time is very limited, so preparation is key. The content needs to be
educational and you need to demonstrate an appropriate level of understanding of
the topic (get straight to the point and skip unnecessary
background/introduction). The format:
- The attack should be an interesting one. Explain the goal of the attack, e.g., what it can do, how dangerous they are.
- Explain how the attack works, preferably with key pieces of code (if applicable) shown to illustrate the attack process and what fundamentally went wrong.
- Make a live demo when possible. Note it is not required that you implement the attack yourself. You only need to show that it works on a live system (many of attacks have source code available online). Some attacks are not possible to demo without the proper hardware or infrastructure, in which case the concept and effect of the attack should be clearly explained in sufficient detail.
- Discuss possible defenses (optional).
For security tool,
- Explain the background of the tool, e.g., what does it do? who made it? how popular it is? mostly used in what circumstances?
- Show what the tool can do. Run the tool and demo (the tool should be demoable).
- Explain how the tool works behind the scene.
Resources (you do not have to choose from the list)
Attacks/Exploits/Vulnerabilities (live demo when possible):- 4G LTE vulnerability [1] [2]
- NSA toolbox
- IPv6 hacking tools
- DNS cache poisoning
- BadTunnel [1] [2]
- LTEInspector
- Web attacks (SQL injection, XSS, CSRF, DNS rebinding attacks, etc.)
- DDoS attacks (DNS and NTP reflection/amplification, SYN flooding, etc.)
- IMSI catcher [1] [2]
- Heartbleed
- Shellshock
- General: CVE database
- General: VUPEN
- General: Blackhat
- General: Defcon
Presentation Schedule
The presentation is scheduled in several classes throughout the quarter. Please sign up on the web sheet published through ilearn. All empty slots are available to pick.Topics are taken in a FIFO fashion. Sign up early to choose the topics that you'd like to present. Please be courteous and do not overwrite any existing records.