Security
1 Introduction
2 Security targets
4 Access control – basic concepts
5 Unix permissions
6 Elevated rights and Linux capabilities
7 POSIX.1e ACLs
8 Windows NTFS ACLs
9 Windows ACE inheritance
10 Windows SACLs and services
11 LDAP and Active Directory
12 Capability-based and mandatory access control
13 Covert channels
14 Integrity policies, Biba, Clark-Wilson
15 Linux Security Modules, AppArmor
16 SELinux, Android
17 chroot jails, container virtualization
18 Trusted computing base, residual information
19 Security certification, Orange Book, Common Criteria
20 Malicious software
21 Computer viruses
22 Exploiting a stack buffer overflow
23 Buffer overflow countermeasures, hardware capability architectures
24 Return oriented programming, heap exploits
25 Exploiting metacharacter vulnerabilities, SQL injection attacks
26 Cross-site scripting, syntax incompatibilities, exposure to environment
27 Integer overflows, race conditions, insufficient parameter checking
28 Random-bit generation
29 Security testing
30 Hacking story – magstripe swap
31 Cryptography – basic primitives and application examples
32 Passwords
33 Hacking story – password timing attack
34 Authentication protocols
35 Kerberos authentication
36 Network security
37 Firewalls
38 Virtual private networks
39 DDoS attacks
40 Hacking story – password power analysis
41 HTTP basics – request, response, redirects
42 HTTP cookies
43 HTTP basic authentication, HTML-form-based login, POST vs GET requests
44 Session cookies, CSRF attacks and countermeasures
45 Web SSO services, Raven authentication, OAuth2 authorization
46 Concluding remarks, research resources
47 Hacking demo – pick a combination lock
Total duration: 10:52: