PERIOD: JANUARY - FEBRUARY - MARCH The course will illustrate the main hacking techniques both from the theoretical and practical point of view. These techniques are used to perform penetration testing. It will present the most important methodologies of attack against network infrastructures, with a focus on web attacks, and the main techniques of binary exploitation. The course will also present both the defense and the software protection techniques (e.g., software obfuscation and attestation). Furthermore, the course will introduce the students to the main research area and the most important open research issues in this field. Moreover, students will learn how to solve challenges, of increasing difficulty, taken from the main hacking competitions, also known as Capture the Flag. The course requires basic knowledge of computer programming and computer networks as all the required background to understand and perform computer attacks will be provided during the course.

• introduction to attack methodologies, classification of the attacks • network attacks o web attacks (SQL injection, NoSQL injection, XSS, CSRF, LFI/RFI, etc.) o presentation and exploitation of the vulnerabilities of the main web languages o network scanning, vulnerability assessment and vulnerability exploitation o challenges: web client e web server o defenses and mitigations, brief introduction to secure coding best practice • binary attacks o reverse engineering tools for disassembling and decompiling binaries (e.g., IDA, radare) o dynamic analysis with debuggers for attack purposes o binary exploitation o OS-level defences (stack canary, ASLR, NX) o challenges: reversing and pwn o tecniche di protezione del software: classificazione e principali caratteristiche • research topics and open issues • attacks: concolic execution, automatic exploitation, malware analysis, deobfuscation, etc. • defence: software attestation, advanced obfuscation, etc. • empirical experiments: assessment of protections’ effectiveness

prima lezione: - giovedì 30/1/2020 14:30 - 18:30 - aula 12 I

Modalità di esame:

Exam:

...

Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.