Introduction to Information Security

Slides:



Advertisements
Similar presentations
Guy Griffiths. General purpose interpreted programming language Widely used by scientists and programmers of all stripes Supported by many 3 rd -party.
Advertisements

Python for Science Shane Grigsby. What is python? Why python? Interpreted, object oriented language Free and open source Focus is on readability Fast.
Snejina Lazarova Senior QA Engineer, Team Lead CRMTeam Dimo Mitev Senior QA Engineer, Team Lead SystemIntegrationTeam Telerik QA Academy SOAP-based Web.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Sarah Reonomy OSCON 2014 ANALYZING DATA WITH PYTHON.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
SM3121 Software Technology Mark Green School of Creative Media.
CIT 590 Intro to Programming Last lecture on Python.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap.
CIT 590 Intro to Programming Last lecture on Python.
Introduction to Python By Neil Cook Twitter: njcuk Slides/Notes:
Sniffer, tcpdump, Ethereal, ntop
Scientific Python Numpy Linear Algebra Matrices Scipy Signal Processing Optimization IPython Interactive Console Matplotlib Plotting Sympy Symbolic Math.
9/2/2015BCHB Edwards Introduction to Python BCHB524 Lecture 1.
Python & NetworkX Youn-Hee Han
Homework 4 Responses Most people really did make this assignment an illusion – not good –tempted to now cancel this class and just give everyone an A The.
COMP2322 Lab 4 Socket Programming Toby Lam March 2, 2016.
Get your software working before putting it on the robot!
Python – It's great By J J M Kilner. Introduction to Python.
TDD Unit tests from a slightly different point of view Katie Dwyer.
Samba4. What is Samba4? ● A replacement for Active Directory ● The centre of a windows domain: – Windows domain logon server – Windows-compatible LDAP.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
How to Get Started With Python
CSC 108H: Introduction to Computer Programming
Lesson 11: Web Services and API's
COMP2322 Lab 4 Socket Programming
Refs: rootshell, antionline, your favorite hacker site…
An introduction to Reverse engineering, the tools and assembly
Development Environment
HTTP AND ABSTRACTION ON THE INTERNET
Lab 2: Packet Capture & Traffic Analysis with Wireshark
Introduction to Python
REVIEW AND GOING FORWARD
A Quick Guide to Ethereal/Wireshark
Manipulating Bit Fields in C
Advanced Penetration testing
Introduction to Python
Lesson 11: Web Services & API's
CPSC 315 – Programming Studio Spring 2012
Slide design: Dr. Mark L. Hornick
Networks Problem Set 1 Due Oct 3 Bonus Date Oct 2
Due: a start of class Oct 26
Introduction to Information Security
Python for Quant Finance
Module 3 Building a web app.
Prepared by Kimberly Sayre and Jinbo Bi
Network Visualization
CS 39006: Computer Networks Lab – Day 1
Homework 4 Responses There was no expectation of completeness assignment – this was meant to give you the opportunities to a) start and manage a github.
.NET Debugging for the Production Environment
Advanced Penetration testing
Portability CPSC 315 – Programming Studio
Genome Workbench Chuong Huynh NIH/NLM/NCBI New Delhi, India
CSC 495/583 Topics of Software Security Format String Bug (2) & Heap
Issues in Client/Server Programming
Lesson 11: Web Services and API's
Explaining issues with DCremoval( )
COSC-100 (Elements of Computer Science) Prof. Juola
Hank Childs, University of Oregon
Project # IoT Device Vulnerabilities and Security REU student: Amon Harris Graduate mentors: Orlando Arias Faculty mentor(s): Yier Jin, Shaojie Zhang.
CS5123 Software Validation and Quality Assurance
Introduction to Python
CS2911 Week 3, Class 3 (And wk4-c1)
Community Builder Activity 3 min-2 min
Chapter 3 Transport Layer
Virtual Private Network
Advanced Penetration testing
Presentation transcript:

Introduction to Information Security Wireshark and Scapy

Exercise 6 Submission deadline extended to 3.5 to fix the following issues: Check the exit code only to determine whether convert failed Put the explanation as to why fuzzing the first and last 750 is enough at the top of the .txt file Use the correct format 0x<byte>.<bit>\n Bits are numbered from 0 to 7 Bytes are numbered from 1 Don't copy the entire file over for every bit flip, that's ridiculously inefficient

The Great Ascent We shift our focus from low-level vulnerabilities (buffer overflows) to high-level ones (DNS poisoning) Network vulnerabilities are just as sophisticated and interesting! They are not simpler, but they are easier to debug Tools: Wireshark (and maybe tcpdump) Scapy

A Few Words about Python

Python Probably the best language in the world For scripts, we know... But also: For web development (django, flask) For scientific research (numpy, scipy, sympy, matplotlib, ipython notebook) For big data analysis (pandas) For machine learning (scikit.learn) For big and complex systems (twisted, sqlalchemy) Other stuff (re, pycrypto, PIL, nltk, scrapy)

A Few Words About Python How can it be? It's modern and cool It's extremely dynamic Everything is an object (even classes!) You can overload and hook just about anything Focuses on developer time Simplicity Interactivity As a side-note for skeptics, with stuff like PyPy it's also incredibly fast Nowadays, that's what takes 90% of the time!

Example class A(object): def __call__(self, x, y): return x + y def __getitem__(self, key): return key.upper() def __getattr__(self, key): return key.ljust(10, '.') >>> a = A() >>> a(1, 2) 3 >>> a['foo'] 'FOO' >>> a.foo 'foo.......'

How to Learn If you're not sure how to do something, Google it or look in Stack Overflow Don't copy solutions blindly – but do learn from them For example, many of you reinvented the wheel instead of using binascii / struct Almost nobody automated the core dump address extraction  Sounds hard?

Example

Back to the Point

Wireshark Allows to capture ("sniff") incoming and outgoing packets Amazing deconstruction and visualisation Incredible number of supported protocols Filters and more

Wireshark

Scapy A Python library that allows constructing, deconstructing, sending, receiving, sniffing and virtually doing anything you can imagine with packets Read the tutorial: http://www.secdev.org/projects/scapy/doc/usage.html >>> from scapy.all import * >>> s = IP(dst='212.179.180.89') / TCP(sport=65000, dport=80, flags='S') >>> a = sr1(s) >>> a[TCP].sport 80 >>> a[TCP].sprintf('%TCP.flags%') 'SA' >>> sniff(lfilter=lambda p: UDP in p, prn=lambda p: p.summary()) ...

Exercise 7 A series of unrelated question, each about a problem and its solutions The problems themselves may have been learned in class But anyway, they are explained in detail and are in fact quite simple A big open bonus I will personally grade "by ear" (so no appeals – but do try to impress me)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.