Lecture Plan

Presentation and workshop documents are linked from the table below. The lecture presentations are available as pdf documents with 1 page per sheet (click e.g. L01) or as pdf handouts with 4 pages per sheet (click e.g. H01). The workshop presentations are available for the tasks (click e.g. W01) and for the solutions (click e.g. WS01). All lectures and workshops are recorded as podcasts. Podcasts can be downloaded from the table (click e.g. PL01, PW01).

 

 

Week
Date
Type
L# Topic Podcast For
interested

Home exam

tasks

W35
 22.08

Lect.


 
 

Basis of ethical hacking, general information gathering.
Laszlo Erdodi

 

Kali linux tutorial

 

W35
 25.08

WS

 

 

Tasks on general information gathering, obtaining key information, documents, hidden web content. 
Laszlo Erdodi

 

 

   

W36
 29.08

Lect.


 
 
Technical information gathering, identifying the network of the target.
Laszlo Erdodi
 

Passive mapping the network attack surface

Advanced whois search

Maltego information gathering

 

W36
 01.09

WS

 

 

Tasks on collecting network information, identifying the ip ranges of the target.
Laszlo Erdodi

 

 

 

 

W37
 05.09

Lect.


 
 
Network reconnaissance, port scanning.
Laszlo Erdodi

 

Nmap port scanning  

W37
 08.09

WS

 

 

Port scanning the practice network, finding services.
Laszlo Erdodi

 

 

   

W38
 12.09

Lect.


 
 

Get in touch with the services: attacking ftp, smtp, dns, ssh.
Laszlo Erdodi

 

Default password database

FTP hacking

SMTP with telnet

DNS hacking

OpenVAS tutorial (command line usage)

OpenVAS tutorial (with GUI)

 

W38
 15.09

WS

  Attacking services in the practice network.
Laszlo Erdodi

 

   

W39
 19.09

Lect.

  Web hacking basis: client side bypass, tampering data, brute-forcing.
Laszlo Erdodi

 

Http response splitting

Exploiting the PUT webmethod

Dirb tutorial

Tamper data

Postman tutorial

 

W39
 22.09

WS

  Attacking webpages in the practice network.
Laszlo Erdodi

 

   

W40
 26.09

Lect.

  Web hacking on the client side: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks.
Laszlo Erdodi
 

Burp intruder attack types

Burp payloads

XSS cheat sheat

Session hijacking

 

W40
 29.09

WS

  Attacking webpages in the practice network.
Laszlo Erdodi

 

   

W41
 03.10

 

  No lecture      

W41
 06.10

 

 

No workshop

 

   

W42
 10.10

Lect.

  Sql injection, Xpath injection, Server side template injection, File inclusion.
Laszlo Erdodi
 

SQL injection cheat sheat

Xpath injection tutorial

Xpath injection tutorial 2

Server side template injection

Local File Inclusion (LFI)

 

W42
 13.10

WS

  Attacking webpages in the practice network.
Laszlo Erdodi

 

 

   

W43
 17.10

Lect.

  Software vulnerability exploitation: stack overflow, Return Oriented Programming.
Laszlo Erdodi

 

Windows stack overflow

Windows ROP

Linux stack overflow

Linux ROP

 

W43
 20.10

WS

 

 

Writing basic exploits for vulnerabilities.
Laszlo Erdodi

 

 

   

W44
 24.10

Lect.

 

Software vulnerability exploitation 2: attacking the heap, using Metasploit for exploitation.
Laszlo Erdodi

 

Heap spraying

Use after free

Fastbin to stack exploitation

House of force exploitation

 

W44
 27.10

WS

 

Prepare with a WinXp VM

Metasploit practice.
Laszlo Erdodi

 

   

W45
 31.10

Lect.

 

 

Software fuzzing

Social Engineering
Laszlo Erdodi
Hacking-Arena{Welc0me_t0_IN5290}

 

 

Mutation vs generation based fuzzing

File format fuzzing

Introduction to social engineering

 

W45
 03.11

WS

 

 

Social engineering practice
Laszlo Erdodi
     

W46
 07.11

Lect.

 

Internal network hacking: Sniffing the traffic, ARP poisoning, DNS poisoning.
Laszlo Erdodi

 

Bettercap tutorial

DNS spoofing

Netbios and SMB hacking

 

W46
 10.11

WS

 

ARP poisoning in the target network.
Laszlo Erdodi

 

 

   

W47
 14.11

Lect.


 
Offline password cracking

 

   

W47
 17.11

WS

 

Cracking hashes with different techniques

     

W48
21.11

Lect.

 

Wireless hacking, Review, Sample exam
Laszlo Erdodi

     

W48
24.11

WS

 

Supervision, Exam preparation
Laszlo Erdodi

 

   

 
 

Back to IN5290 2022 main page.

Published Aug. 13, 2022 4:41 PM - Last modified Aug. 13, 2022 4:52 PM