Assignment:

The student (or group of students) is asked to analyze the attacks presented below or to propose new ones, if they already have something in mind. In particular, the student/s has/ve to reproduce the chosen attacks on their computer and share the source code of the attacks with the teachers and TAs to allow them to reproduce the attack, as well. The student/s can rely on existing software or they can write custom code for the attacks. It is mandatory to get in touch with the teachers and the TAs before starting working on a project to decide together the purpose of the project.

Network security
• Honeypot implementation and testing on a Raspberry PI
• Morris worm link
• Mitnick Attack link
• Heartbleed link

Hardware security
• Analysis of a device firmware
• Fault Injection
• RSA key extraction from an Arduino device

Web security
• Log4j

Pwn
• Sudo exploit CVE-2021-3156
• Dirty Pipe Vulnerability
• Dirty COW link
• Shellshock link

Reverse-engineering
• Ransomware/malware reversing
• Ransomware implementation

  Evaluation:

Student/s has/ve to write a final report concerning the analyzed attacks. Such report should specify (to download the template click here):
• An overview of the attack.
• The instructions to set up the attack.
• Possible countermeasures to defend against the attack.
Student/s has/ve to submit their report by the 23:59 of the date of the exam they have subscribed to. After sending the report, student/s will have an oral presentation to illustrate the attacks and to answer questions concerning both the attacks and the topics presented during the course. The final grade assigned is a combination of the report and of the oral presentation.