Security
Networking, also known as 'computer networking', is the practice of transporting and exchanging data in an information system, between nodes over a shared medium.
It comprises not only the design, the construction and the use of a network, but also the management, the maintenance and the operations of the network infrastructure, the software and the policies.
ISO/OSI model
- Landscape of telematic communications in the 1970s
- The Open System Interconnection model stack
- Layers of the Open System Interconnection model
- Structure of the data units
- Encapsulation mechanism
- Main mechanisms for controlling and managing communications
- Review of the TCP/IP model
Switching technologies and protocols
- Definition of LAN (Local Area Network)
- Topologies and transmission media
- Principles of structured cabling
- Ethernet
- Hubs and switches
- Definition of switch and bridge
- Switching dynamics: learning and forwarding
- Spanning Tree Protocol
- Duplexing and frame transmission techniques (Cut Through, Store and Forward)
- Power over Ethernet
- Link aggregation technologies
- Definition of Virtual LAN (VLAN)
- Trunks and tagging protocols
- 802.1q standard
- Switch management through the VTP protocol
- Wireless LAN
- WiFi and the 802.11 standard
- Assigned bands
- Management of special network devices: IP phones and IP cameras
IP routing technologies and protocols
- IP protocol and packet format
- Addressing classes and the subnetting mechanism
- Public and private addresses (RFC 1918)
- Overview of the organization of the Internet
- ICMP protocol and network monitoring tools: ping, traceroute
- ARP (Address Resolution Protocol)
- Packet routing: static and dynamic
- Use of static routes and the default route
- Multicast routing aspects for video streams
- Overview of QoS and priority mechanisms
- Overview of IPv6
- Transport layer: UDP and TCP protocols
WAN (Wide Area Networks)
- Transition from analog to digital lines
- Residential and enterprise WAN links
- Dedicated circuits (CDN), Point to Point and Multi Point
- Corporate network structures
- Packet, frame and cell switching: X.25, Frame Relay and ATM
- Connectivity operators' networks and circuit virtualization
- Principles of MPLS networks
- Metro Ethernet access networks
- Residential structures
- PPP protocol and its origin on circuit-switched networks
- xDSL last-mile links over twisted-pair telephone wire and the concept of “Always On”
- Evolution of the last mile towards optical fiber, NGN/FTTX
- GPON (Gigabit-capable Passive Optical Networks) passive optical networks
- Multiservice cabling in residential developments
- Role of mobile networks as an alternative or backup to fixed networks
IP address management
Application-layer protocols
Network security elements
- Network security elements
- Security terminology
- Functional principles of firewalls
- AAA (Authentication, Authorization, Accounting) authentication systems and the 802.1x standard
- Concept of proxy and reverse proxy
- Introduction to VPNs (Virtual Private Networks)
- Overview of IPSec and SSL (Secure Sockets Layer)
Video/voice/data convergence
Windows
Vulnerabilities and Exploits
Browser
- 1-Day Browser & Kernel Exploitation - (PDF)
- A Methodical Approach to Browser Exploitation
- Anatomy of an Exploit – Inside the CVE-2013-3893 Internet Explorer Zero-Day – Part 1
- Advanced Heapspraying Technique - (PDF)
- Attacking JavaScript Engines
- Attacking WebKit Applications by Exploiting Memory Corruption Bugs - (PDF)
- Beginners Guide to UAT Exploits IE 0day Exploit Development
- Catalog Browser Exploitation Chapter
- CVE-2018-5129: Out-Of-Bounds Write with Malformed IPC messages
- CVE-2019-0539 Root Cause Analysis
- Evaluating the Safari Sandbox, and Fuzzing WindowServer on MacOS
- From Out of Memory to Remote Code Execution - (PDF)
- Fuzzy Security - Spraying the Heap [Chapter 1: Vanilla EIP] – Putting Needles in the Haystack
- Fuzzy Security - Spraying the Heap [Chapter 2: Use-After-Free] – Finding a Needle in a Haystack
- HeapSpray Aurora Vulnerability
- IE 0day Analysis and Exploit
- IE 11 0day & Windows 8.1 Exploit - (PDF)
- IE11 Sandbox Escapes Presentation - (PDF)
- Learning Browser Exploitation via 33C3 CTF Feuerfuchs Challenge
- Look Mom, I don't Use Shellcode - (PDF)
- Memory Corruption Exploitation in Internet Explorer - (PDF)
- Microsoft Edge Chakra JIT Type Confusion CVE-2019-0539
- Microsoft Edge MemGC Internals - (PDF)
- Performing Root-Cause Analysis of a JSC Vulnerability
- Post-Mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260)
- Reducing Target Scope within JSC, Building a JavaScript Fuzzer
- Spartan 0day & Exploit
- The Art of Leaks: The Return of Heap Feng Shui - (PDF)
- The ECMA and the Chakra - (PDF)
- The Secret of ChakraCore: 10 Ways to Go Beyond the Edge - (PDF)
- Using the JIT Vulnerability to Pwn Microsoft Edge - (PDF)
- Weaponizing a JSC vulnerability for single-click RCE
- Weaponizing a Safari sandbox escape
- Windows 10 x64 Edge 0day and Exploit - (PDF)
- Write Once, Pwn Anywhere - (PDF)
Mitigation Bypass
- Browser Security Mitigations Against Memory Corruption Vulnerabilities
- Bypass Control Flow Guard Comprehensively - (PDF)
- Bypassing Control Flow Guard in Windows 10
- Bypassing Control Flow Guard in Windows 10 - Part II
- Bypassing Memory Mitigation Using Data-Only Exploitation Technique - (PDF)
- Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
- Chaining DEP with ROP – The Rubik’s[TM] Cube
- Chakra Jit Cfg Bypass
- Cross The Wall-Bypass All Modern Mitigations of Microsoft Edge - (PDF)
- Development of a New Windows 10 KASLR Bypass (in One WinDBG Command)
- Disarming and Bypassing EMET 5.1
- Disarming EMET v5.0
- Disarming Enhanced Mitigation Experience Toolkit (EMET)
- Exploit Dev 101: Bypassing ASLR on Windows
- How to Find the Vulnerability to Bypass the Control Flow Guard - (PDF)
- ROP for SMEP bypass
- Simple EMET EAF Bypass
- Smashing The Browser
- SMEP: What Is It, and How to Beat it on Windows
- Universal DEP/ASLR Bypass with Msvcr71.dll and Mona.py
Kernel
- abatchy Kernel Exploitation 1: Setting up the environment
- abatchy Kernel Exploitation 2: Payloads
- abatchy Kernel Exploitation 3: Stack Buffer Overflow (Windows 7 x86/x64)
- abatchy Kernel Exploitation 4: Stack Buffer Overflow (SMEP Bypass)
- abatchy Kernel Exploitation 5: Integer Overflow
- abatchy Kernel Exploitation 6: NULL pointer dereference
- abatchy Kernel Exploitation 7: Arbitrary Overwrite (Win7 x86)
- Arbitrary Write primitive in Windows kernel (HEVD)
- Corelan Team (corelanc0d3r) Heap Spraying Demystified
- DirectX to the Kernel
- Fuzzy Security - Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
- Fuzzy Security - Kernel Exploitation -> Integer Overflow
- Fuzzy Security - Kernel Exploitation -> Logic Bugs in Razer Rzpnk.sys
- Fuzzy Security - Kernel Exploitation -> Null Pointer Dereference
- Fuzzy Security - Kernel Exploitation -> Pool Overflow
- Fuzzy Security - Kernel Exploitation -> RS2 Bitmap Necromancy
- Fuzzy Security - Kernel Exploitation -> Stack Overflow
- Fuzzy Security - Kernel Exploitation -> UAF
- Fuzzy Security - Kernel Exploitation -> Uninitialized Stack Variable
- Fuzzy Security - Kernel Exploitation -> Write-What-Where
- Intro to Windows kernel exploitation 1/N: Kernel Debugging
- Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
- Intro to Windows kernel exploitation 3/N: My first Driver exploit
- Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
- Kernel Hacking With HEVD Part 1 - The Setup
- Kernel Hacking With HEVD Part 2 - The Bug
- Kernel Hacking With HEVD Part 3 - The Shellcode
- Kernel Hacking With HEVD Part 4 - The Exploit
- Kernel Hacking With HEVD Part 5 - The SMEP Version
- MS11-080 Exploit – A Voyage into Ring Zero
- Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool
- The Path to Ring-0 Windows Edition
- Windows Kernel Exploitation Basics - Part 1 : Introduction to DVWDDriver
- Windows Kernel Exploitation Basics - Part 2 : Arbitrary Memory Overwrite exploitation using HalDispatchTable
- Windows Kernel Exploitation Basics - Part 3 : Arbitrary Memory Overwrite exploitation using LDT
- Windows Kernel Exploitation Basics - Part 4 : Stack-based Buffer Overflow exploitation (bypassing cookie)
- Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment
- Windows Kernel Exploitation Tutorial Part 2: Stack Overflow
- Windows Kernel Exploitation Tutorial Part 3: Arbitrary Memory Overwrite (Write-What-Where)
- Windows Kernel Exploitation Tutorial Part 4: Pool Feng-Shui –> Pool Overflow
- Windows Kernel Exploitation Tutorial Part 5: NULL Pointer Dereference
- Windows Kernel Exploitation Tutorial Part 6: Uninitialized Stack Variable
- Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable
- Windows Kernel Graphics Driver Attack Surface - (PDF)
- Windows Kernel Exploitation Tutorial Part 8: Use After Free
- Windows Kernel Pool Spraying
- Windows kernel pool spraying fun - Part 1 - Determine kernel object size
- Windows kernel pool spraying fun - Part 2 - More objects
- Windows kernel pool spraying fun - Part 3 - Let's make holes