University of Colorado Boulder

Security & Ethical Hacking: Attacking Unix and Windows

University of Colorado Boulder via Coursera

Overview

This course explores the science and art of offensive security techniques used in penetration testing of networks and systems. Areas of focus include post-exploitation and exploitation of Unix (esp. Linux) machines/servers, and Windows OS. A basic review of relevant x86 Assembly language constructs will be given. Students will utilize scripting, low-level programming and other technical means to execute a variety of attacks in adversarial recon, lateral movement, privilege escalation, and authentication bypass on Unix systems, as well as active exploitation of remote memory corruption attacks on multiple OS. An introduction to general computer memory is given, along with other topics in operating systems, as needed.

An understanding of C/C++ compiled programming languages, code debugging, Python programming, and basic computer architecture is required. Experience with Assembly Language programming (Intel) and UNIX command-line (scripting) is preferred. The course is geared towards students in Computer Science, Computer Engineering, and similar domains, but those with sufficient hours of experience in the topics mentioned will be able to follow the material.

This course can be taken for academic credit as part of CU Boulder’s Masters of Science in Computer Science (MS-CS) degrees offered on the Coursera platform. This fully accredited graduate degree offers targeted courses, short 8-week sessions, and pay-as-you-go tuition. Admission is based on performance in three preliminary courses, not academic history. CU degrees on Coursera are ideal for recent graduates or working professionals. Learn more: MS in Computer Science: https://coursera.org/degrees/ms-computer-science-boulder

Syllabus

  • Introduction and UNIX Security Basics
    • Module 1 provides an introduction to the course, its target systems and setup, and a quick refresher on Linux command line basics and relevant tooling.
  • Abusing the Unix Security Model - Privilege Escalation
    • In Module 2, we take a deep dive into the basics and more obscure parts of the Unix security model, real and effective IDs for process execution and filesystem access, and setuid binaries. Applying that knowledge with some additional understanding of the shared library loading on Linux, we take a look at evasive privilege escalation in C.
  • Evasive Privilege Escalation on Linux
    • In Module 3, we continue privilege escalation, this time with shared library hijacking techniques (function hooks and library load order exploitation). We also take a look at simpler yet equally devastating attacks, using common built-in editor software as an example of hacking by manipulating the user environment.
  • Lateral Movement Techniques on Unix
    • In Module 4, we demonstrate and discuss stealthy lateral movement techniques using built-in Unix tools, including a rare passphrase cracking opportunity on private keys, and re-purpose a lot of SSH optimizations and existing tools (forwarding agents and Control Master).
  • Memory Corruption and User-Mode Exploitation on MSFT Windows
    • In this final module, we examine computer memory concepts and code execution vulnerabilities in binary programs through memory corruption, and give a refresher on the relevant x86 Assembly instructions for stack overflow primitives. Shellcode and its generation are also introduced.

Taught by

Ahmed M. Hamza
