roflcer Goto Github PK

codechat

The repository for the open-source collaborative learning project.

cross-site-request-forgery-attack

A CSRF attack involves a victim user, a trusted site, and a malicious site. The victim user holds an active session with a trusted site and simultaneously visits a malicious site. The malicious site injects a HTTP request for the trusted site into the victim user session compromising its integrity. In this lab, you will be attacking a web-based message board system using CSRF attacks. We modi- fied an open-source message board application called phpBB to make it vulnerable to CSRF attacks. The original application has implemented several countermeasures for avoiding CSRF attacks

crypto-lab-secret-key-encryption

The learning objective of this lab is for students to get familiar with the concepts in the secret-key encryption. After finishing the lab, students should be able to gain a first-hand experience on encryption algorithms, encryption modes, paddings, and initial vector (IV). Moreover, students will be able to use tools and write programs to encrypt/decrypt messages

gps-tracking-server

The following project is a multithreaded program that handles incoming UDP packets as vehicle location updates, which are generated by a simulator. Each vehicle maintains its own updating thread until time out. Invalid checksums are dropped.This application handles parsing XML requests as well. Viewing these vehicles on a map can also be enabled.

heartbleed-vuln

executes heartbleed attack on vulnerable SSL 1.0.1 version

malware-plc

This repository will be a collection of PLC malware that can be observed in industrial control systems. Attackers load programmable logic controllers with destructive malware

roflcer.github.io

set-uid-vuln

Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program is run, it assumes the owner’s privileges. For example, if the program’s owner is root, then when anyone runs this program, the program gains the root’s privileges during its execution. Set-UID allows us to do many interesting things, but unfortunately, it is also the culprit of many bad things. Therefore, the objective of this lab is two-fold: (1) Appreciate its good side: understand why Set-UID is needed and how it is implemented. (2) Be aware of its bad side: understand its potential security problems.

shellshock-attack

On September 24, 2014, a severe vulnerability in Bash was identified. Nicknamed Shellshock, this vulner- ability can exploit many systems and be launched either remotely or from a local machine. In this lab, you will work on this attack, so you can understand the Shellshock vulnerability. The learning objective of this lab is for you to get a first-hand experience on this interesting attack, understand how it works, and think about the lessons that we can get out of this attack.

timesketch

Collaborative forensic timeline analysis