Lecture Plan

Presentation and workshop documents are linked from the table below. The lecture presentations are available as pdf documents with 1 page per sheet (click e.g. L01) or as pdf handouts with 4 pages per sheet (click e.g. H01). The workshop presentations are available for the tasks (click e.g. W01) and for the solutions (click e.g. WS01). All lectures and workshops are recorded as podcasts. Podcasts can be downloaded from the table (click e.g. PL01, PW01).

All the lectures and workshops will be presented with Zoom:

 

Week
Date
Type
L# Topic Podcast For
interested

Home exam

tasks

W35
 25.08

Lect.

L01
 
 

Basis of ethical hacking, general information gathering.
Laszlo Erdodi

 

Google hacking tutorial

Foca tutorial

Kali linux tutorial

 

W35
 27.08

WS

W01

 

Tasks on general information gathering, obtaining key information, documents, hidden web content. 
Laszlo Erdodi

 

 

  WH01

W36
 01.09

Lect.

L02
 
 
Technical information gathering, identifying the network of the target.
Laszlo Erdodi
 

Passive mapping the network attack surface

Advanced whois search

Maltego information gathering

 

W36
 03.09

WS

W02

 

Tasks on collecting network information, identifying the ip ranges of the target.
Laszlo Erdodi

 

Win Vm

Mac Vm

WH02

W37
 08.09

Lect.

L03
 
 
Network reconnaissance, port scanning.
Laszlo Erdodi

 

Nmap port scanning  

W37
 10.09

WS

W03

 

Port scanning the practice network, finding services.
Laszlo Erdodi

 

 

  WH03

W38
 15.09

Lect.

L04
 
 

Get in touch with the services: attacking ftp, smtp, dns, ssh.
Laszlo Erdodi

 

Default password database

FTP hacking

SMTP with telnet

DNS hacking

OpenVAS tutorial (command line usage)

OpenVAS tutorial (with GUI)

 

W38
 17.09

WS

W04 Attacking services in the practice network.
Laszlo Erdodi

 

  WH04

W39
 22.09

Lect.

L05 Web hacking basis: client side bypass, tampering data, brute-forcing.
Laszlo Erdodi

 

Http response splitting

Exploiting the PUT webmethod

Dirb tutorial

Tamper data

Postman tutorial

 

W39
 24.09

WS

W05 Attacking webpages in the practice network.
Laszlo Erdodi

 

  WH05

W40
 29.09

Lect.

L06 Web hacking on the client side: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks.
Laszlo Erdodi
 

Burp intruder attack types

Burp payloads

XSS cheat sheat

OWASP CSRF

Session hijacking

 

W40
 01.10

WS

W06 Attacking webpages in the practice network.
Laszlo Erdodi

 

  WH06

W41
 06.10

Lect.

L07 Sql injection, Xpath injection, Server side template injection, File inclusion.
Laszlo Erdodi
 

SQL injection cheat sheat

Xpath injection tutorial

Xpath injection tutorial 2

Server side template injection

Local File Inclusion (LFI)

 

W41
 08.10

WS

W07

Attacking webpages in the practice network.
Laszlo Erdodi

 

   

W42
 13.10

Lect.

L08 Software vulnerability exploitation: stack overflow, Return Oriented Programming.
Laszlo Erdodi
 

Windows stack overflow

Windows ROP

Linux stack overflow

Linux ROP

 

W42
 15.10

WS

  Writing basic exploits for vulnerabilities.
Laszlo Erdodi

 

 

   

W43
 20.10

Lect.

L09 Software vulnerability exploitation 2: attacking the heap, using metasploit for exploitation.
Laszlo Erdodi

 

Heap spraying

Use after free

Fastbin to stack exploitation

House of force exploitation

 

W43
 22.10

WS

W09

 

Prepare with a WinXp VM

Metasploit practice.
Laszlo Erdodi

 

 

   

W44
 27.10

Lect.

L10_part1

L10_part2

L10_part3

Software fuzzing

Social Engineering
Laszlo Erdodi

UiO-Hacking-Arena{Welc0me_t0_IN5290}

 

 

Mutation vs generation based fuzzing

File format fuzzing

Introduction to social engineering

 

W44
 29.10

WS

W10

Social engineering practice
Laszlo Erdodi

 

   

W45
 03.11

Lect.

L11

 

Internal network hacking: Sniffing the traffic, ARP poisoning, DNS poisoning.
Laszlo Erdodi

 

 

 

Bettercap tutorial

DNS spoofing

Netbios and SMB hacking

 

W45
 05.11

WS

W11

 

ARP poisoning in the target network.
Laszlo Erdodi
     

W46
 10.11

Lect.

L12

Offline password cracking.
Trond Arne Sørby, Solveig Bruvoll

 

     

W46
 12.11

WS

W12

Password files

Cheat-sheet

Cracking hashes with different techniques.

Trond Arne Sørby, Solveig Bruvoll

 

 

 

   

W47
 17.11

Lect.

L13
 
Wireless hacking, Review, Sample exam
Laszlo Erdodi

 

   

W47
 19.11

WS

 

Supervision, Exam preparation

     

 

 

 

     

 

 

 

 

   

 
 

Back to IN5290 2020 main page.

Published Feb. 5, 2021 9:05 PM - Last modified Feb. 19, 2021 1:40 PM