This is tentative and coverage could vary.

Module 1: Introduction

  • Using VM’s
  • Introduction to CTF’s
  • Familiarize with our assignment and CTF setups
  • Pentesting and career prospects

Module 2: Web Security

  • nc, curl, httpie, browser tools, Burp Suite, JavaScript
  • OWASP Top 10
  • HTTP protocol
  • SQL Injection
  • Cross Site Scripting
  • Cross Site Request Forgery
  • IDOR
  • Timing attacks

Module 3: Reverse Engineering

  • Crash course into x86 ASM, Linux calling convention
  • Crash course into ELF
  • Crash course into libc, program loading
  • gdb, radare2, ghidra, objdump, strings, nm, strace
  • Examples

Module 4: Pwning

  • Buffer Overflow
  • Format String Bugs
  • ROP
  • Protection Mechanisms (DEP, Canary, NX, ASLR) and their bypasses.
  • Unix FHS, shells
  • Common exploits

Module 5: Cryptography

  • Theory (stupid encryption schemes, modulo arithmetic, asymmetric and symmetric encryption)
  • Examples

Module 6: Hardware Security

  • Side-channels
    • On workstations: caches, software power interfaces
    • On embedded systems: physical power attacks
  • Speculative execution attacks
    • Spectre
    • Speculated Faulted loads: Meltdown and MDS
  • Trusted Execution Environments
    • Vulnerability to Side channels
    • Vulnerability to Fault attacks