IN5290 - Autumn 2022

Lecture Plan

Presentation and workshop documents are linked from the table below. The lecture presentations are available as pdf documents with 1 page per sheet (click e.g. L01) or as pdf handouts with 4 pages per sheet (click e.g. H01). The workshop presentations are available for the tasks (click e.g. W01) and for the solutions (click e.g. WS01). All lectures and workshops are recorded as podcasts. Podcasts can be downloaded from the table (click e.g. PL01, PW01).

Week Date Type	Topic	For interested
W35 22.08 Lect.	Basis of ethical hacking, general information gathering. Laszlo Erdodi	Kali linux tutorial
W35 25.08 WS	Tasks on general information gathering, obtaining key information, documents, hidden web content. Laszlo Erdodi
W36 29.08 Lect.	Technical information gathering, identifying the network of the target. Laszlo Erdodi	Passive mapping the network attack surface Advanced whois search Maltego information gathering
W36 01.09 WS	Tasks on collecting network information, identifying the ip ranges of the target. Laszlo Erdodi
W37 05.09 Lect.	Network reconnaissance, port scanning. Laszlo Erdodi	Nmap port scanning
W37 08.09 WS	Port scanning the practice network, finding services. Laszlo Erdodi
W38 12.09 Lect.	Get in touch with the services: attacking ftp, smtp, dns, ssh. Laszlo Erdodi	Default password database FTP hacking SMTP with telnet DNS hacking OpenVAS tutorial (command line usage) OpenVAS tutorial (with GUI)
W38 15.09 WS	Attacking services in the practice network. Laszlo Erdodi
W39 19.09 Lect.	Web hacking basis: client side bypass, tampering data, brute-forcing. Laszlo Erdodi	Http response splitting Exploiting the PUT webmethod Dirb tutorial Tamper data Postman tutorial
W39 22.09 WS	Attacking webpages in the practice network. Laszlo Erdodi
W40 26.09 Lect.	Web hacking on the client side: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks. Laszlo Erdodi	Burp intruder attack types Burp payloads XSS cheat sheat Session hijacking
W40 29.09 WS	Attacking webpages in the practice network. Laszlo Erdodi
W41 03.10	No lecture
W41 06.10	No workshop
W42 10.10 Lect.	Sql injection, Xpath injection, Server side template injection, File inclusion. Laszlo Erdodi	SQL injection cheat sheat Xpath injection tutorial Xpath injection tutorial 2 Server side template injection Local File Inclusion (LFI)
W42 13.10 WS	Attacking webpages in the practice network. Laszlo Erdodi
W43 17.10 Lect.	Software vulnerability exploitation: stack overflow, Return Oriented Programming. Laszlo Erdodi	Windows stack overflow Windows ROP Linux stack overflow Linux ROP
W43 20.10 WS	Writing basic exploits for vulnerabilities. Laszlo Erdodi
W44 24.10 Lect.	Software vulnerability exploitation 2: attacking the heap, using Metasploit for exploitation. Laszlo Erdodi	Heap spraying Use after free Fastbin to stack exploitation House of force exploitation
W44 27.10 WS	Prepare with a WinXp VM Metasploit practice. Laszlo Erdodi
W45 31.10 Lect.	Software fuzzing Social Engineering Laszlo Erdodi Hacking-Arena{Welc0me_t0_IN5290}	Mutation vs generation based fuzzing File format fuzzing Introduction to social engineering
W45 03.11 WS	Social engineering practice Laszlo Erdodi
W46 07.11 Lect.	Internal network hacking: Sniffing the traffic, ARP poisoning, DNS poisoning. Laszlo Erdodi	Bettercap tutorial DNS spoofing Netbios and SMB hacking
W46 10.11 WS	ARP poisoning in the target network. Laszlo Erdodi
W47 14.11 Lect.	Offline password cracking
W47 17.11 WS	Cracking hashes with different techniques
W48 21.11 Lect.	Wireless hacking, Review, Sample exam Laszlo Erdodi
W48 24.11 WS	Supervision, Exam preparation Laszlo Erdodi

Back to IN5290 2022 main page.

Published Aug. 13, 2022 4:41 PM - Last modified Aug. 13, 2022 4:52 PM