Attack Presentations

For the first 10-15 minutes of most classes, student groups will present attacks that are relevant to that lecture (for example, when discussing user authentication, the group may present techniques for cracking CAPTCHAs).

09/05 5:00pm   Email Dave with:

  • Your group (1-2 people).
  • Your top five preferred attacks.
  • Dates during which your team can't present, if any.

For the presentation:

  • Describe the relevant background for the attack.
  • Demonstrate the attack live, or else show enough data/information for it to be clear that the attack has been launched.
  • Describe how this attack could be defended against.
  • Describe the challenges you faced and insights you gleaned from the attack.

Note: All attacks must be performed in an ethical, safe manner; please see the discussion of legality and ethics in the syllabus.

| Date | Attack | Attacker | Description |
|---|---|---|---|
| 09/12 | Control flow attack | | Demonstrate a modern control flow attack against modern defenses such as DEP, ASLR, and canaries. |
| 09/14 | Kernel-level rootkit | Kelsey | Launch a kernel rootkit that hides from detection. |
| 09/19 | Attacking vulnerable websites | Karan | Build a dummy website of your choice and demonstrate XSS, CSRF, and SQL injection attacks against it. |
| 09/21 | Tricking users | Jo | Build a malicious website of your choice that tricks users by (1) launching a clickjacking attack, (2) performing a picture-in-picture attack, and (3) performing an SSL stripping attack (a MitM transparently proxies HTTP requests and rewrites HTTPS links to point to look-alike HTTP links). |
| 09/26 | Breaking CAPTCHAs | Zach | Implement a tool that automatically solves CAPTCHAs, such as the attack on text-based ones described here and/or the one on audio-based ones described here. Demonstrate its use on an Alexa top-1000 site. |
| 09/28 | Cracking passwords | Nirat | Obtain a publicly available dataset of password hashes and implement rainbow tables to crack the passwords. |
| 10/03 | Cold-boot attack | Rebecca | Launch a cold-boot attack like the ones described here. |
| 10/05 | Cross-VM side-channel attack | Ronald | Launch a cross-VM side-channel attack like the ones described here. |
| 10/10 | Compiler Trojan horse | Ben | Modify LLVM to create a malicious compiler as described here. |
| 10/12 | Malicious peripheral | Brook | I will provide you with a PIC32 microcontroller. Use this to interpose between a keyboard and a computer to capture keystrokes and filter out user passwords. When you provide a "secret knock", your malicious device should dump the data. Bonus: interpose between a computer and a printer to alter output of printed election results. |
| 10/19 | Project proposal presentations | | |
| 10/26 | TLS information leakage | Jessica | Demonstrate the BEAST, CRIME, or Lucky 13 attacks against TLS. |
| 10/31 | Differential power analysis | Gavin & Sanghyun | Perform DPA on a cryptographic routine to recover the secret key. |
| 11/02 | Privacy-preserving DB attack | Dibjani | Perform the attack on CryptDB (or another property-preserving cryptosystem) like the one described here. |
| 11/07 | Traffic deanonymization | Omer | Demonstrate a traffic deanonymization attack on Tor, like the one described here. |
| 11/09 | Data deanonymization | Liqian | Apply a deanonymization technique like the one here to the Netflix challenge dataset and demonstrate what information you can extract. |
| 11/14 | Firmware-resident malware | Pouya | I will provide a digital camera; use the CHDK framework to install malicious code that does not allow the user to take pictures if you are in it (or if you are not in it, etc.). Other firmware attacks are also acceptable. |
| 11/16 | Kaminsky attack | Richie | Demonstrate the Kaminsky DNS cache poisoning attack on a dummy DNS server you run. |
| 11/21 | Rogue wireless AP | Colin | I will provide you with an OpenWRT access point. Modify its software to infect downloaded executables with malware. |
| 11/23 | Thanksgiving Break | | |
| 11/28 | Off-path TCP attack | Julian | Demonstrate an off-path TCP inference attack and use it to inject data and to reset the connection. |
| 12/05 | Project presentations | | |