CyberChallenge.IT Cybersecurity training

The SPRITZ team is organizing the CyberChallenge.IT 2019 at the University of Padua! This is a program aimed at training in cybersecurity the best Italian students that are between 16 and 23 years old. CyberChallenge.IT is a program sponsored by the CINI Cybersecurity National Lab in collaboration with the National Cybersecurity Research Committee.
If you are young, have good programming knowledge, and want to further improve your skills, check out the official website of the event for more details: CyberChallenge.IT

Local Organizers

Information for the course (all the lessons will be in Lum250, Via Luzzatti 8, Padova from 16:30 to 18:30)

04/03/2019 Reverse: introduction to the x86 ISA. Introduction to ELF. Introduction to tools, CFGs. Simple crackmes
05/03/2019 Web: structure of a web application: web servers, CGI, proxies, life cycle, SSRF
07/03/2019 Reverse: step-by-step exercises
11/03/2019 Pwn: x86 address space layout basics. Data-oriented buffer overflows. Stack overflows under executable stack
12/03/2019 Pwn: Tools
14/03/2019 Pwn: step-by-step exercises
18/03/2019 Crypto: classical ciphers (Caesars, affine ciphers, Vigenere), OTP, OTP reuse
19/03/2019 Crypto: crib dragging, repeating key XOR, hashing, (CS)PRNG
21/03/2019 Crypto: step-by-step exercises
25/03/2019 Web: DBMS fundamentals, Interaction web application, DBMS
26/03/2019 Web: SQLi, XML, XXE
28/03/2019 Web: step-by-step exercises
01/04/2019 Forensics: network packet analysis. Open-source intelligence
02/04/2019 Forensics: log analysis, VM malware detection, Android forensics
04/04/2019 Forensics: step-by-step exercises
08/04/2019 Hardening: firewall, WAF (Web Application Firewall)
09/04/2019 Hardening: WAF - XSS; Firewall bypass
11/04/2019 Hardening: step-by-step exercises
15/04/2019 Crypto: symmetric (DES, 3DES, AES, RC4), modes of operation, CMAC, HMAC, length extension attack
16/04/2019 Crypto: asymmetric (DH, ElGamal, RSA), cube root attack, LSB, secure padding, signatures (RSA, (EC)DSA)
18/04/2019 Crypto: step-by-step exercises
29/04/2019 Pwn: GOT/PLT and GOT hijacking. Mitigations: stack canaries, ASLR, W^X, RELRO. Code reuse under W^X: stack overflows w/ ROP, PC control to ROP w/ stack pivoting
30/04/2019 Pwn: format string
02/05/2019 Pwn: step-by-step exercises
06/05/2019 Reverse: UPX packing, introduction to C++ reversing, crackmes with crypto
07/05/2019 Reverse: Angr, Frida, go reversing
09/05/2019 Reverse: step-by-step exercises
13/05/2019 Web: Intro to client-side scripting languages, XSS vulnerabilities
14/05/2019 Web: XSS DOM-based, CSP, Template injection
16/05/2019 IBM@CyberChallenge.IT
20/05/2019 Pwn: basic non-metadata-oriented heap exploitation (use-after-free, double-free). Type confusion. Virtual table hijacking (w/ stack pivoting + ROP)
21/05/2019 Pwn: basic metadata-oriented heap exploitation
23/05/2019 PwC@CyberChallenge.IT
27/05/2019 Hardening: sandbox and isolation, Docker, cloud Security
28/05/2019 Hardening: privilege escalation, AWS IAM
30/05/2019 Hardening: step-by-step exercises

CyberChallenge 2018: the UniPD team got the first national prize!

On the news: