Attack Presentations

For the first 10-15 minutes of most classes, student groups will present attacks that are relevant to that lecture (for example, when discussing user authentication, the group may present techniques for cracking CAPTCHAs).

Note: All attacks must be performed in an ethical, safe manner; please see the discussion of legality and ethics in the syllabus.

For the presentation:

  • Describe the relevant background for the attack.
  • Demonstrate the attack live, or else show enough data/information for it to be clear that the attack has been launched.
  • Describe how this attack could be defended against.
  • Describe the challenges you faced and insights you gleaned from the attack.

| Date | Attack | Attacker | Description |
|---|---|---|---|
| 8/30 | None | | |
| 9/1 | None | | |
| 9/6 | None | | |
| 9/8 | None | | |
| 9/13 | TLS information leakage | Sam | Demonstrate the BEAST, CRIME, or Lucky 13 attacks against TLS. |
| 9/15 | Certificate mis-validation | Arman & Yichi | Demonstrate two examples of incorrect validation of a certificate with a modern browser of your choosing, such as not checking for revocations or the various attacks listed here. |
| 9/20 | Traffic deanonymization | Alperen & Charlie | Demonstrate a traffic deanonymization attack on Tor, like the one described here. |
| 9/22 | Data deanonymization | Wentao | Apply a deanonymization technique like the one here to the Netflix challenge dataset and demonstrate what information you can extract. |
| 9/27 | On-path censorship and evasion | Connor & Ivan | Set up a (virtual) network with an "on-path" censor who can observe and inject (but not block) packets, and use this censor to respond with lemon DNS queries like here, or tear down connections like here. Demonstrate an evasion technique. |
| 9/29 | Language detection on encrypted voice calls | Jasmine & Nick | Determine what language is being spoken via an encrypted VoIP call (e.g., Skype, Zoom, Google Meet) by measuring packet sizes, like in this paper. |
| 10/4 | Cracking passwords | Chris & Maurice | Obtain a publicly available dataset of password hashes and implement rainbow tables to crack the passwords. |
| 10/6 | Breaking CAPTCHAs | Ben & Derek | Implement a tool that automatically solves CAPTCHAs, such as the attack on text-based ones described here and/or the one on audio-based ones described here. Demonstrate its use on an Alexa top-1000 site. |
| 10/11 | Bypassing 2FA | Julio & Kaitlyn | Implement a fake phishing website (not hosted on the public Internet) that implements a 2FA bypassing attack, like the one described here. |
| 10/13 | Project proposals | | |
| 10/18 | None | | |
| 10/20 | Control flow attacks | Aaron & Yiting | Demonstrate a modern control flow attack against modern defenses such as DEP, ASLR, and canaries. |
| 10/25 | Kernel-level rootkit | Farida & Sadia | Launch a kernel rootkit that hides from detection. |
| 10/27 | Compiler Trojan Horse | Justin & Segev | Modify LLVM to create a malicious compiler as described here. |
| 11/1 | Image classification attacks | Davit & Yanjun | Perform adversarial attacks against deep learning models in practical settings. Use a pre-trained deep learning model (we recommend this) and validation images (we recommend this). Craft adversarial examples via L∞-norm (paper, code), spatial transformation (paper, code), and/or image scaling. |
| 11/3 | Membership inference attacks | Sridevi & Kyle | Perform realistic membership inference attacks against deep learning models (we recommend the CIFAR-100 dataset and the LeNet and ResNet architectures). You can attack using loss information of the model (paper, code), or a label-only attack (paper, code). You can also evaluate against models with differential privacy (paper, code). |
| 11/8 | Attacking vulnerable websites | Le & Yancheng | Build a dummy website of your choice and demonstrate XSS, CSRF, and SQL injection attacks against it. |
| 11/10 | Tricking users | Alan & Jason | Build a malicious website of your choice that tricks users by (1) launching a clickjacking attack, (2) performing a picture-in-picture attack, and (3) performing an SSL stripping attack (MitM transparently proxies HTTP requests and rewrites HTTPS links to point to look-alike HTTP links). |
| 11/15 | Kaminsky | Erik & Taylor | Demonstrate the Kaminsky DNS cache poisoning attack on a dummy DNS server you run. |
| 11/17 | Off-path TCP attack | Joe & Swanand | Demonstrate an off-path TCP inference attack and use it to inject data and to reset the connection. Example side-channels include WiFi's exponential backoff and the global rate limit. |
| 11/22 | Middlebox amplification | Shoumik | Demonstrate a middlebox-induced, TCP-based amplification attack, as described here. |
| 11/24 | Thanksgiving | | |
| 11/29 | VPN fingerprinting attack | Jason & Kent | Launch a VPN fingerprinting attack against OpenVPN as described here. |
| 12/1 | log4j | Rod & Syed | Demonstrate the log4j vulnerability. Broad impacts of the attack are available here and more details of the attack are here. |
| 12/6 | Project presentations | | |
| 12/8 | Project presentations | | |
