A Security Curriculum
Curriculum
Here is everything I found that fits together to achieve the goal of being able to follow the people who keep winning DEFCON and other CTFs, so we can get good enough to eventually be paid to do this: starting as a junior consultant and working our way up to freelancer in the security industry, which can be even more sketchy than old school blackhat communities.
I mimic most of the security package at TU/e because all the most critical crypto/sec work is being done in Europe right now because of insane US laws on crypto software export. There is still an ongoing lawsuit by Daniel J Bernstein (djb) where the NSA/NIST is slowly delivering FOIA responses about sabotaging crypto development.
Everything here is hands-on practice with some reading. The recorded lectures, if available, are optional; take what you want or start anywhere.
C/x86 Assembly
How the C memory abstraction works and undefined behavior.
- CMU 15-122 Principles of Imperative Computing
- Use wget to get these; includes some solutions.
- Use Andre Platzer site symbolaris for different semesters if you want
- CryptoJedi Hacking in C assignments
The sequel to 15-122 is 15-213, a systems intro covering x64 assembly.
- CMU 15-213 Intro to Computer Systems (any year)
- Recorded lectures on YouTube and Panopto
- ASU reverse engineering content from CSE365
- Basic introduction to IDA Pro and reverse engineering CTF
Building the ultimate covert channels by exploiting hardware.
Operating Systems
This MIT course is modeled after the classic OS hacker's book Lions' Commentary on Unix 6th Edition which documented the Unix v6 kernel with the source code included that you read at the same time.
- MIT 6.1810 Operating System Engineering 2023
- Recorded lectures on YouTube see the 2021 version
- OS Attacks practice for defending against or using covert channels
Software Exploitation
Numerous CTFs exist for this that we can replay, like PLAID or picoCTF, which has an extensive practice area from easy to hard difficulty.
- ASU 598 Software Exploitation 2024
- Part of the pwn.college site they run
- GMU 395 Linux Binary Exploitation 2021
- Full access to everything
- GATECH 6265 Information Security Lab 2023
- Recorded lectures on YouTube
- Access to tutorials but not labs
- Brown 1650 Software Security & Exploitation 2024
- Labs are open, mainly paper reading and practice
- The grad research version
We can take these all at the same time. These courses on day 1 expect fluency in assembly, reverse engineering or knowing assembly/hex/control flow, debugging binaries w/gdb, syscalls, kernel modules, network programming and libc which we will have seen already.
Cryptography
This is 'real' crypto and not the bozo world of web3 schemes but we will learn enough should you want to get into ridiculous web3 CTFs held on yachts in the Emirates to capture wallets instead of flags. That is if the other participants don't forge submission sigs.
- TU/e Cryptology and Post Quantum Crypto 2023/22
- Recorded lectures/notes/assignments all open
- Insight into crypto secure against quantum computers
- We have to learn some modern algebra and Coding the Matrix
While we take those courses and learn cryptanalysis these are all the hacking projects we can do at the same time
- Crypto Protocols in-depth and how to attack them
- Cryptopals challenges
- Engineering Crypto Software how to optimize stream cipher crypto on real hardware
- Start with functioning reference in C
- Remove sources for timing leakage
- Profile and optimize code
- Write arch-specific implementation in assembly
- Brown Logic for Systems workbook is another way to model an implementation first then break it before you build it
- Attacking Networks 2019
- How to set up firewalls and circumvent them
- VPN crypto like Wireguard
- 2IC60 TU/e Lecture Notes Computer Networks and Security.
Typical industry options
You can always create your own security role from inside a company you already work for.
Freelance researcher
Selling exploits for a lot of money. Some of these bounties are hilarious like only 100k for code signing bypass, it must be easier than it looks if it pays lower than a WordPress exploit. They also really want a Docker escape vuln. Zerodium is another broker and their payouts chart is supposedly market rates. The way this works is they pay you over time not all at once that way there's an incentive for you to not turn around and resell to a competitor.
If you can do this typically you will want to work for dfsec they pay you a bonus for any major bug you find. It used to be you could just extract control-flow graphs and run a logical assistant on it finding any kind of potential attacks to try. I have no idea what they do these days but we'll find out as we go.
SOC threat analyst
SOC means Security Operations Center. This is a wagie working shifts for a 24/7 (usually remotely) enterprise tier threat response contractor who is paid to analyze system logs (almost always Windows OS logs) and analyze network traffic to spot problems. They have some kind of monitoring tools and you primarily extract and filter data with OSquery and do 'threat intelligence'. The curriculum we are already doing is more than enough to get into this, or you can find some kind of learning path for SOC Levels 1 and 2, but these almost always cost money. This is the only free course (edx) I could find. This one is the cheapest I could find; it appears to be some subscription model of $14/m, or you could simply use their syllabus to look up everything yourself like OSquery, Wireshark, Snort, MITRE etc. Most people get into this via the military or were former system admins or pay for certs.
To find SOCs search for security operations center jobs or try Sophos or NCC Group (Netherlands or Philippines); these companies have to hire local citizens and can't outsource because of security clearances. I imagine these outfits exist so gov contractors and giant medical companies can satisfy some kind of insurance compliance or lawsuit protection from any breaches/leaked data. If you get in here you want to move up to running the place because they pay for all your silly certs and because every tech company will hire you as a Chief Information Security Officer (CISO) should you leave SOC work. Outside of finance and pharma/medical the CISO is usually given next to no budget and no authority; you get paid a lot of money to sit on the executive board while answering emails and making presentations. It's a ceremonial job almost, where you hire the same SOC you used to work for and then play golf or whatever CISOs do all day.
Security consultant
Someone charging 7-20k+ per week for an application security assessment. This kind of person can do the 'full stack' of security review from source code review/dependencies to secOps deployment to how developers handle the keys for signing into the source repository. With large security consulting outfits, the typical engagement is 2-3 consultants for 2 weeks, where there are juniors competent in running security procedures like penetration testing and the principal consultant oversees them and presents all the reports the juniors produced, justifying the money spent. For large contracts they will outsource reverse engineers and all kinds of other specialists charging insanely high hourly rates. The major outfits are Leviathan security, IOactive, Bishop Fox, NCC group, Crowdstrike (if they are still in business after that parser being exploitable and not verifying inputs blew up the whole world) or search for security consultant jobs. Leviathan is probably the biggest in the US because I believe you have to contract either them and/or Bishop Fox in order to use any kind of Google auth in your software. They even sell a 'virtual CISO' service. If these outfits aren't hiring, send in a general application or email them and say you want to apprentice, showing them some kind of proof of your skills like custom tools you wrote or something.
If you live in France then get in with Synacktiv they place first or second in every global competition or REverse Tactics. If you live in Saudi Arabia join Haboob SA they also win global competition prizes. If you live in Korea join KAIST or theori. If you live in Vietnam join Viettel. If you live in Taiwan join DEVCORE. If you're in Germany join the redrocket club. If you're in the Netherlands get into NCC group (Delft).
The security business
If you live in the UK look at the openings page for PortSwigger the company that sells Burpsuite the most popular web penetration toolkit. Look at the opening for Master of the Swigverse they offer to teach you from the ground up the entire business of selling a security product. Full mentorship in competition analysis, customer engagement to improve the product, hiring wagies to code, public relations, general management of teams and finance.
How bad it all is
If you haven't seen it, watch the CS19 lecture on security.
Immediately npm breaches are brought up, the JavaScript package manager. If you've ever installed some Node.js software to run it locally you will have noticed there are enormous amounts of dependencies being automatically installed. If you missed the attack description the stream dependency was attacked to specifically target some Bitcoin wallet software in hopes that the wallet developers themselves would include it in their builds and they did. All the attacker had to do was find some unmaintained but popular dependency and take over the project. Many browser plugins have had this happen too, either sold to ad-tech or malware writers.
@9:00 we're getting into nightmare tier where VSCode the IDE most developers use is now compromised. The point is some dependency nobody pays attention to got turned into malicious code and found its way into almost every critical program on earth.
@19:50 seemingly benign software you find in the wild like adding colors to your terminal or javascript console is filled with malware of course but you probably knew that already. Famously this was almost all the flashlight/torch apps on app store before they cracked down.
@28:14 he's reminding us again the most dangerous software is the software you least expect to be dangerous. @35:27 every basic shell copy program in every OS will bring in fopen() and then you're screwed, it has access to the entire filesystem.
'The internet, operating systems, all programming languages, these things were built to be maximal insecure'.
He talks about SELinux also known as MAC or mandatory access controls like AppArmor. MAC is something enterprise security people love because it's knob tweaking. Whenever you search for AppArmor or SELinux the number one recommendation or most searched for query is how to turn it off because it's interfering in someone's work and in the real world that's what everyone does.
Open-source sabotage
This talk is from 2014 but nothing has changed in OSS development. Poul-Henning Kamp is involved in the FreeBSD project and here he imagines what he would do if he were tasked by some nation-state to 'control' or sabotage open source.
@5:10 is very interesting. It reminds me of back in the day when many people writing 'security Android ROMs' or those in-memory operating systems you loaded up with a boot live DVD/USB or advanced security OSs like Subgraph OS. They all disappeared and abandoned their projects and he imagines in the talk how legit developers are purposely bribed to do so being put on some nice salary at a 'friends of NSA' company.
@12:28 this is what we came for how modern open source projects can be derailed or infiltrated. @16:40 some mobile browser versions won't even let you use self-signed certs anymore even after clicking all the 'omg but are you aware of the risks!' buttons. The deceptive defaults he mentions I have been burned by many times.
The absolute state of the security industry
Egor Homakov a security researcher once wrote this post (now deleted) Why it sucks to be a Security Researcher. He is completely blackpilled and tells us how nobody cares or wants to fix the problems. If you raise the alarm you are threatened or dismissed. He wrote multiple warnings to the Rails git repository only for them to hand-wave the problem away as 'impractical' and 'would never happen' so he started his security career by hacking the repository. They still denied the problem so he opened an issue 999 years in the future.
Massive surveillance
Now canceled former Tor developer and 'Wikileaks associate' Jacob Appelbaum quietly got a PhD from two of the world's premier crypto experts DJ Bernstein and Tanja Lange at TU/e in the Netherlands. I don't know or care about any of the details of his fall from grace but he did write a thesis/dissertation so we may as well read it. The pdf is here or direct link here.
Skimming the intro, this is more of a political manifesto instead of a thesis; I'm surprised the school didn't demand he remove a lot of cringe here. In the section he calls bad mathematics he shames others on cruise control who take fed cash yet seems completely unaware he once worked for the Tor Project which is funded by US federal agencies like the DoD. If you follow DJ Bernstein then you know he amusingly rants on the IETF crypto working group mailing list whenever some stooge proposes yet another badly designed or patent-trolled elliptic curve scheme, so that to me is the definition of 'bad mathematics': trying to sneak in broken by design protocols. In 1.2 Thinking about the future some of the claims derived from the questionable sources he lists are so wild even Wikipedia jannies wouldn't have green-lighted this so I skipped most of it, but the theme as far as I can tell is crypto still works if it's designed and used correctly.
Section 2 Background on network protocols skimming this, OpenVPN is demonized as being the target of NSA weakening but OpenVPN code is so ridiculously bad and convoluted that they probably didn't have to do anything nefarious to it except promote its use.
Section 3 Background on cryptography: if you look at Tanja Lange's crypto course page she recommends for general background this free online book so we can refer to it as we very lightly read this section. In the hash functions chapter a hash function h maps bit-strings of arbitrary but finite length to strings of fixed length, so the domain of the function (inputs) maps to a range (outputs) that is many-to-one and the set of possible inputs is larger than the range. This means there exists the possibility of collisions where a pair of distinct inputs has the same output. Now you know how password hashing works, the hashes map to a plain text input, but the Appelbaum thesis notes these password hash functions are designed to be extremely slow by purposely running inefficient calculations that require large amounts of contiguous memory so you can't easily brute force the hash by bombing it with millions of strings to guess passwords.
The block ciphers chapter: a block cipher seems to be a function that accepts as input an n-bit vector of plaintext and a key vector, then a product transformation occurs to create ciphertext that is the same size as the input. If the input exceeds the size of the n-bit block then it's partitioned into same-size blocks that are encrypted separately, using a mode of operation to do so; one old example is ECB or electronic-codebook mode. A symmetric key is shared via some Diffie-Hellman public key system we can learn later. The term 'nonce bit' is called IV or initialization vector in older books. Djb's ChaCha20 high-speed crypto and Poly1305 MAC is mentioned and detailed here if interested. Skimming the rest of this chapter there's an interesting comment about NIKE or non-interactive key exchange that has a deniability property where finding encrypted content that decrypts with someone else's key is still not definitive proof of any communication between each other.
Chapter 4: you probably already know most of this if you read the Snowden leaks and 2017 Wikileaks CIA files, and there's a bunch of material here in this chapter on glowie PSYOPS strategies all laid out in chronological order. Appelbaum goes totally off the rails again back into political manifesto territory. The later content going through all known shady nation-state malware and explaining how it works is worth reading. Even though a lot of these exploit 'products' in the leaked ANT catalog are from 10 years ago I doubt much has changed, especially what data they were after, so the methods change but the target is the same.
Chapter 5 GNU naming system has a good crash course on how DNS works. The NSA shenanigans detailed here are amusing they ran some global monitoring bot network to hide their DNS queries after an attack to admire their work and avoid blame. GNS is a GNUnet app which I like way more than all the blockchain nonsense going on right now requiring massive amounts of mining. Note to self look into GNUnet more.
Chapter 6: the WireGuard tweak only works against some future quantum adversary, meaning if traffic is vacuumed up and held to be broken years later then this tweak works; against an active quantum adversary you have to redesign the entire WireGuard protocol. That's if quantum computers aren't a total scam: every company in the field always makes suspect promises of massive amounts of qubits, then nothing happens.
Chapter 7 Vula has code to read here and is developed anonymously obviously because of Appelbaum's pariah status. I'll have to come back here after we get familiar with post-quantum crypto an automatic LAN encrypting scheme is a pretty awesome idea.
Chapter 8 REUNION is a PAKE for physical key encrypted key exchange, a kind of Assange-tier tradecraft meeting protocol for short message exchanging like a business card with contact info.
History of h4xxing
In the early days, you basically stumbled into hacking/phreaking by accident by either curious discovery pressing a combo of commands or blowing a Cap'n Crunch free cereal box whistle into the phone handset and gaining complete control over the system. Techniques were traded for free there was no real security industry for software or even much organized criminal activity until the hacker crackdown. Most crime was stealing technical manuals and juvenile pranks on EFnet rivals was typical in the 90s or getting the numbers to a group of payphones in NYC, figuring out how to call them for free, and some other hacker would answer and give you advice where to find information. That was the scene, a bunch of 'keyboard cowboys' and around this time Hackers the movie came out which besides the (fruit boots) inline skates was very realistic it should almost be a documentary like how you'd go to meets and they'd drill you what do you know.
Post-Mitnick conviction, in the late 90s to mid 2000s, this changed to a blackhat culture where cloning SIM cards, cracking copyright protections and releasing pirate software (warez scene) took over, spawning a binary exploitation/reverse engineering and remote box popping culture that still exchanged ideas and software for free, but quickly a marketplace emerged for jacking financial data and 0day auctions started springing up in the underground. That card scene only had a very few actual hackers grabbing databases or sniffing wireless point of sale; for the most part the people involved were just common identity thieves who purchased devices to place on ATMs or hired staff to double swipe cards at restaurants and airports.
Today these criminals have an opposite strategy of trying to not get noticed instead of withdrawing millions in a single night from global ATMs and alerting Interpol of their existence they now charge micro transactions on hundreds of thousands of cards in hopes the mark doesn't notice but that's still not hacking it's just ID theft.
Anonymous was the 'hive' it was a large group of kids willing to use the tools that blackhats gave them either for lelz or to cover for whatever they had just done with the same tool. "This attack signature is too unique I'm going to get caught for sure! Wait I know who to blame for this the hacker known as…"
The last of the true hackers
Obtain the book Hackers by Steven Levy and read the chapter The Last of the True Hackers. RMS spent two entire years reverse engineering software that took a team of people to write all the while routinely breaking into the lab servers and rewriting all the passwords to be blank so no student would be spied on by the administration. Up until MIT kicked him out a few years ago he was still hacking their security system cloning an access pass to campus so he could come and go anonymously. Now we've read Appelbaum's thesis on mass surveillance this meme no longer seems like a meme anymore.
The last of the true blackhats
Stephen Huntley Watt is the only convicted blackhat who never snitched.
He was one of the most famous blackhats of the 2000s because of PR0J3KT M4YH3M a war against the whole so-called white hat industry. There was an anti-sec movement back then claiming that disclosure sites like bugtraq, security conferences and anti-virus corporations were creating the problem they were paid to solve by dumping what is essentially nuclear weapons to masses of global criminals free of charge. A classic method that still works today is to run a diff on whatever bugtraq or other disclosed patch to reveal the exploit then write up a turn-key h4xxoring product and sell it on skiddy forums as it would take months or sometimes years for people to update their systems so unpatched systems were wide open. "Better hire us to protect you" these outfits would claim while at the same time creating chaos by arming everyone on Earth. Even the recent Pwn2Own competitions have this problem where there is a patch gap between Chrome and Chromium being patched so some have noticed the exploits from Pwn2Own will still work for some period after especially on any headless instances of these browsers because they run outside the usual browser sandbox.
A lot of project mayhem is detailed in ~el8 text files from 2001-2002 which are written in a style that you would expect from juvenile blackhats back then where they attacked every known white hat and company in the security industry and somehow avoided prison. They even super trolled Theo De Raadt who is also known (back then) as one of the most trollastic open source devs but today I am thankful OpenBSD still exists it's a nice clean OS where you can understand everything that is going on.
He was making a nice salary in NYC as a trading systems software developer (at now called tsImagine) and gave away for free a packet sniffing program to a fellow blackhat he knew since high school because that's how the hacker scene used to work you never charged money to other hackers. That other blackhat did a really stupid crime with it and snitched where he got the program from so Watt spent 2 years in fed prison for writing a single packet sniffer. He knew what they were going to use it for but probably didn't expect the guy to point at him in court. He claimed on his Xwitter the only way he could get a job despite being one of the best hackers on earth was to apply to a Ukraine company after prison and if you search around they are desperate for foreign remote devs in Kiev because of the war. Last I heard he still owes the US gov $170m+ and works for DomainTools as a principal software engineer. If there exists a hall of fame for blackhats he should be in it.
Max Ray Vision
The courts declared Max a 'super hacker' who was so good the judge at his trial called him 'the hacker of all hackers' and gave him way less time than normal ID thieves would get. There's an entire book about this guy worth reading because he took over the entire underground market in a single night breaking into the 4 biggest competitor markets and stealing their databases of users, emailing all users that they should join his site instead and shutting his competition down. Some of these sites touted their uber security like requiring a special signed cert handed out only to a few people to even connect to the server and he yoinked those certs and broke in. His demise began when one of the sites he took over was a federal sting site and the feds weren't too happy about him ruining their entrapment ops.
Max although on supervised release now is still facing new charges claiming he used a phone at the prison to 'control drones and drop contraband in the prison' which is of course almost surely nonsense. Personal experience tells me there was probably some guy Max played cards with who pestered Max to tell him how some crime like that could work then when he got caught he of course snitched on the bigger fish like all these guys do.
Max used a lot of tricks like hiding his very popular marketplace in plain sight so ISPs couldn't find him. We'll learn about this later but I suspect he modified protocols that network admins would scan for, like changing the rounds in ssh, so any kind of scanning would fail and his market was invisible. He then could camouflage the traffic as normal network traffic.
ASTRA
There is a hacker called ASTRA who was revealed to be a 58 year-old retired mathematician living in Greece. He remotely broke into France's Dassault corporation which manufactures military aircraft and weapons and sold secrets worth 350 million dollars from 2002 until 2008 to their competitors worldwide with the help of a global crime network. He was not an employee leaking information or anything or else he'd be in prison and his identity revealed. Nobody has ever revealed his identity because he likely was hacking OpenSSL or something they deemed too important to not know about so retained him as a consultant. He was living under perfectly forged gov identities in Athens that he had hacked (again prob OpenSSL or other crypto hacking breaking into gov dbms) and they never revealed how they caught him though likely it was following money or a lesser guy in his crime network was picked up and snitched.
The lesson here is if you're going to do this (you shouldn't) then go for the olympic medal of hacking.
Darknet OPSEC
Let's watch this DEFCON 30 talk from last year about a guy involved in shady stuff. I have some experience in this so will add annoying commentary but I was never using these sites to sell or buy I was interested in custom software building and they would always make me an internal member with access to private messaging groups just because I'm good at infiltration. This talk is about 'keeping safe from the federal gov'.
I don't recognize his aliases from back in the day and there are def some I remember such as one mod on a popular market you probably know about that had a confused looking John C Reilly avatar who got away through pure stupidity living up to his avatar. They revealed in court docs a failed sting they had set up for him to pick up money they sent from a compromised admin account but he was so incompetent he went to the wrong address both times and escaped prosecution.
Bruce Schneier has a good article about crime how criminals never use probability to estimate the cost of their actions or if the crime they're about to do is worth betting on. In finance, you are always estimating the expected value of some game strategy and deciding if it's worth the risk.
Many of these markets are busted because of the greed of the operators of course and because they seem to have faith in crypto marketing that is only marketing. For example The Farmers Market used Hushmail so an entire archive of decrypted messages was available to the feds. Old blackberry phones used to be sold with 'unbreakable encryption' too but you could easily compromise the server and get all the keys.
@15:50 is the fallacy 'how they screwed up' because if you read anything here so far you realize that it's impossible not to screw up the global surveillance capabilities are just too advanced and corrupt now you would need to have a fail-safe plan of living in a country with non-extradition where you also enjoy local political status like you are the mayor's son or police chief's cousin. If you don't have political cover then these foreign nations phone your local police dept about you and they arrive to shake you down for money.
@19m some good advice here but again using whatever meme OS like Whonix is not your most critical attack vector it's people you know in real life or trying to cash out money.
@26:49 Sabu the guy in lulzsec was busted after he got wasted and accidentally signed in under a watched nym to some chat channel without using his normal protections. What was critical about that is they already knew who he was through means not disclosed and were watching him from a nearby parking lot when he handed the feds a warrant for his apartment by logging in with his home ISP address.
@29m the problem with this kind of activity is you can't convert it to pay yourself on the scale of cash flows needed for trafficking. I'm sure you can think of ways you believe have never been tried before and will totally fool advanced analysis that looks for these patterns but there is no such thing as original ideas on how to launder money that's why elaborate global crime networks are used. Many countries have laws limiting how much of their currency you can remove like China so their rich overseas residents will buy up foreign currency from traffickers and then settle within the Chinese banking system so the traffickers get clean money and the diaspora millionaire residents get foreign exchange.
@33m he redpills that all the message forum style lawyers are wrong because the feds simply lie to someone you know that they have to talk or else and they don't even need to have witnessed a crime just confirm certain movements on certain days in court where the feds present this as proof of furtherance of a conspiracy.
End of this he warns it's a bad business model doing what he did and the return on investment is never enough for the risk. Making a lot of money legally is not impossible. Let's say you finish this security workshop here and are hired as a junior consultant somewhere being paid a $40k yearly bonus which is typical. In 2 years you can put a down payment on a house with just your bonus. Every year you take the same bonus and add value by watching Scuffed Realtor or some other YouTube live to learn proper landscaping and kitchen redesign. In 5 years you will have added $200k worth of quality work and maybe you now have a family and need a bigger house so can sell making a nice return on your investment. Now you can afford a down payment on much more valuable property and repeat until you have an asset portfolio worth a million dollars. Note you aren't flipping houses and speculating on real estate you are investing in your life during different stages. This is how people build wealth in the modern world they don't become criminals or gamble on meme coins.
Principles of Imperative Programming
This is only reading notes/slides and doing some exercises in the notes (they have solutions) to learn loop invariants and reasoning about code so we can break it. We also need the information here to do 15-213 the x86-64 architecture course and later the operating systems course.
- CMU 15-122 Principles of Imperative Computing
- Use wget to get these; includes some solutions if you want to try assignments.
- Andre Platzer site symbolaris has different semesters if you want but content is generally the same every year
Setup
Let's get the c0 programming language (pronounced c-naught) by installing it here. Use any text editor and run the .c0 file in the coin interpreter see this setup video and skip to @8m 'Running a c0 program'. You can also use various editor plugins in VScode marketplace or emacs c0-mode but I'm just going to manually run everything in coin.
The first lecture if you downloaded everything contains mystery2.c0
    /* Mystery function with a bug or two
     *
     * 15-122 Principles of Imperative Computation
     * Frank Pfenning
     */
    int f (int x, int y) {
      int r = 1;
      while (y > 1) {
        if (y % 2 == 1) {
          r = x * r;
        }
        x = x * x;
        y = y / 2;
      }
      return r * x;
    }
Type 'coin mystery2.c0' and you get the c0 interpreter. Inside the interpreter enter f(3,2); (note the semicolon) and press return to see it evaluated. To exit, press Ctrl-D, which is the universal exit command for any Unix/Linux shell program meaning 'end of input', or type #quit. This is all in their setup lab or the video I posted above. The c0.typesafety.net domain is long gone.
Contracts
Reading the first lecture and slides from this year's version. They are both worth looking at, the notes are like a book and the slides have some additional content aimed at students like 'why is this bad code'. Always start with the slides first then look into the lecture if you need to know more or to try the exercises. Sometimes they erase or archive semesters if that happens try an earlier one linked above.
If you get a strange error note how the scope bracket { comes after the pre/post conditions and invariant:
    int POW (int x, int y)
    //@requires y >= 0;
    {
      if (y == 0)
        return 1;
      else
        return x * POW(x, y-1);
    }

    int f (int x, int y)
    //@requires y >= 0;
    //@ensures \result == POW(x,y);
    {
      int r = 1;
      int base = x;
      int exp = y;
      while (exp > 1)
      //@loop_invariant r * POW(base,exp) == POW(x,y);
      {
        if (exp % 2 == 1) {
          r = base * r;
        }
        base = base * base;
        exp = exp / 2;
      }
      return r * base;
    }
Page 24, integer division 1/2 is 0: (2*n+1)/2 is 2*n/2 + 1/2 or n + 0. Page 25, the antecedent in an implication: If (antecedent) then (consequent) which returns a t/f boolean.
This was a very detailed logical look at a simple function and in the end it still wasn't correct because we hit int max and overflowed into undefined behavior. If none of the syntax makes sense like compound assignments in the exercises then look at the c0 reference under 'Commands'.
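The contracts above turned into run-time checks in plain C, as an added example that is not from the lecture or the original page. The names f_page, f_checked, pow_spec and pow_or are made up here, the repair (loop while exp > 0, return r) is one assumed fix, and __builtin_mul_overflow is a GCC/Clang builtin rather than ISO C.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example; all function names are hypothetical.
 * __builtin_mul_overflow is a GCC/Clang builtin, not ISO C. */

/* POW from the page as an executable specification.
 * Returns false when x^y does not fit in an int. */
static bool pow_spec(int x, int y, int *out) {
    int acc = 1;
    for (int i = 0; i < y; i++)
        if (__builtin_mul_overflow(acc, x, &acc))
            return false;
    *out = acc;
    return true;
}

/* The loop exactly as on the page: it stops at exp <= 1 and returns
 * r * base, so for y == 0 it returns x instead of 1. Call it only with
 * small inputs: signed overflow here is undefined behavior in C. */
int f_page(int x, int y) {
    int r = 1, base = x, exp = y;
    while (exp > 1) {
        if (exp % 2 == 1)
            r = base * r;
        base = base * base;
        exp = exp / 2;
    }
    return r * base;
}

/* Repaired loop with each contract as a run-time check and every
 * multiplication overflow-checked. Returns false on overflow. */
bool f_checked(int x, int y, int *result) {
    assert(y >= 0);                              /* @requires */
    int spec = 0, tail = 0;
    bool have_spec = pow_spec(x, y, &spec);      /* POW(x,y), if it fits */
    int r = 1, base = x, exp = y;
    while (exp > 0) {
        /* @loop_invariant r * POW(base,exp) == POW(x,y).
         * Checked only when POW(x,y) is representable. */
        if (have_spec) {
            bool ok = pow_spec(base, exp, &tail);
            assert(ok && (long long)r * tail == spec);
        }
        if (exp % 2 == 1 && __builtin_mul_overflow(r, base, &r))
            return false;
        exp = exp / 2;
        /* Square only if the square will be used: squaring after the
         * last step can overflow even though the answer fits. */
        if (exp > 0 && __builtin_mul_overflow(base, base, &base))
            return false;
    }
    assert(!have_spec || r == spec);             /* @ensures */
    *result = r;
    return true;
}

/* Convenience wrapper: the power, or `fallback` if it overflows. */
int pow_or(int x, int y, int fallback) {
    int v = 0;
    return f_checked(x, y, &v) ? v : fallback;
}

int main(void) {
    printf("f_page(3,0)  = %d (3^0 should be 1)\n", f_page(3, 0));
    printf("pow_or(3,0)  = %d\n", pow_or(3, 0, -1));
    printf("pow_or(2,16) = %d\n", pow_or(2, 16, -1));
    printf("pow_or(2,31) = %d (fallback: overflow detected)\n",
           pow_or(2, 31, -1));
    return 0;
}
```

Build with gcc or clang and leave assertions enabled (no -DNDEBUG), otherwise the contract checks compile away.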
Ints
Lecture notes and slides. If either one doesn't make sense look at the other. With Horner's rule you use the result of the previous step for the next, but we'll learn later in 15-213 this is all much easier when you use hexadecimal: you can quickly manipulate binary numbers and figure out their decimal if needed. If it's not clear, 11000110 is 2^7 + 2^6 + 2^2 + 2^1.
TODO
Intro to computer systems
- 15-213 Introduction to Computer Systems
There is a problem with the book: for the global version the publisher paid someone to screw with the practice problems, and many of the solutions in the book are wrong. The only decent pdf you can find is the global version too; I don't think they have a US electronic version. I bought the global version for I think $20 and the actual chapter contents are identical, it's only many of the early exercises I find that were bungled. You can use library genesis to get an OCR'd copy but they are all gigantic in size, see this upload where the Chinese uploader describes all the versions available. We can work around the errors no problem. If there's a practice problem translating C to assembly, we can always generate the unoptimized assembly with the compiler and verify it ourselves or figure out easily any hex to binary solution.
Lecture 2
Watching the second lecture since the first is just logistics for the course. The lectures are definitely helpful for this course because the book is filled with so many details you can easily get lost but it's up to you.
.. cont TODO