English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 18 Lessons (4h 50m) | 1.93 GB
This course explores the science and art of offensive security techniques used in penetration testing of networks and systems. Areas of focus include post-exploitation and exploitation of Unix (esp. Linux) machines/servers, and Windows OS.
A basic review of relevant x86 Assembly language constructs will be given.
Students will utilize scripting and low-level programming and other technical means to execute a variety of attacks in adversarial recon, lateral movement, privilege escalation, and authentication bypass on Unix systems, as well as active exploitation of remote memory corruption attacks on multiple OS. An introduction to general computer memory is given, along with other topics in operating systems, as needed.
An understanding of C/C++ compiled program languages, code debugging, python programming, and basic computer architecture is required.
Experience with Assembly Language programming (Intel) and UNIX command-line (scripting) is preferred. The course is geared towards students in Computer Science, Computer Engineering, and similar domains – but those with sufficient hours of experience in the topics mentioned will be able to follow the material.
This course can be taken for academic credit as part of CU Boulder’s Masters of Science in Computer Science (MS-CS) degrees offered on the Coursera platform. This fully accredited graduate degree offer targeted courses, short 8-week sessions, and pay-as-you-go tuition. Admission is based on performance in three preliminary courses, not academic history. CU degrees on Coursera are ideal for recent graduates or working professionals.
What you’ll learn
- Conduct basic and advanced attacks on Unix systems.
- Leverage programming and scripting for privilege escalation and lateral movement in computer networks.
- Discover, debug and exploit binary vulnerabilities on modern operating systems.
- Advanced Offensive Techniques on hardened computer systems and networks.
Table of Contents
introduction-and-unix-security-basics
getting-started
1 earn-academic-credit-for-your-work_instructions
2 course-support_instructions
3 assessment-expectations_instructions
the-unix-security-model
4 welcome-overview
5 the-unix-security-model-filesystem
6 objectives-and-tooling
7 investigating-the-environment
8 ps-manual-gnu-linux-version_instructions
9 ps-manual-gnu-linux-version_ps.1
10 find-manual-posix-standard-version_find.1p
11 find-manual-posix-standard-version_instructions
abusing-the-unix-security-model-privilege-escalation
abusing-the-unix-security-model
12 stat-manual-for-posix_instructions
13 stat-manual-for-posix_stat.1
14 file-mode-and-ownership-modification
15 the-special-bit-setuid
16 exploiting-setuid-programs
17 example-c_instructions
evasive-privilege-escalation-on-linux
evasive-privilege-escalation
18 unix-privilege-escalation-slides_instructions
19 shared-library-hijacking-via-ld-library-path_instructions
20 privilege-escalation-with-text-editors-surprising-attack-vectors
21 priviliege-escalation-hijacking-dynamically-loaded-shared-libraries-part-one
22 priviliege-escalation-hijacking-dynamically-loaded-shared-libraries-part-two
lateral-movement-techniques-on-unix
ssh-session-hijacking-lateral-movement-and-agent-forwarding-on-unix
23 key-generation-on-linux_instructions
24 key-generation-on-linux_ssh-keygen.1
25 ssh-agent-tools-manual_instructions
26 ssh-agent-tools-manual_ssh-agent.1
27 ssh-public-key-authentication-primer_instructions
28 ssh-public-key-authentication-primer_ssh-agent-forwarding
29 attacking-github-auth-with-ssh-forwarding-agents
30 ssh-controlmaster-for-low-privilege-lateral-movement
31 file-exfiltration-and-command-execution_instructions
advanced-passphrase-cracking
32 ssh-keyphrases-and-advanced-cracking-for-lateral-movement_instructions
memory-corruption-and-user-mode-exploitation-on-msft-windows
binary-exploitation-via-memory-corruption
33 windows-vm-download-link-from-msft-developer-site_instructions
34 software-resources-for-binary-exploitation-exercise_instructions
35 x86-assembly-basics-a-review_instructions
36 x86-call-and-ret_instructions
37 intro-to-memory-corruption
38 intel-x86-asm-constructs
39 debugging-the-target-binary
40 remote-code-exploitation-in-action
41 creating-shellcode
42 creating-shellcode-part-b
43 windows-exploitation-resources_instructions
44 tester-shellcodes-and-base-fuzzer_instructions
Resolve the captcha to access the links!