Security Challenges

Teaching goals

The goal of this course is to tackle different aspects of what computing security is by working on practical cases shaped as small challenges. The main idea is to provide a set of exercises that could be encountered in a daily job as a technical engineer. It also aims at putting the technical skills gained in other disciples into practice and to push the students to think outside the box and find solutions to various problems by themselves.

Course description

This course is mainly focused on practice. Students will be provided with different challenges on various topics that all require to research information about the inner working of a technology, attack vectors or ways to communicate with a component, before being able to succeed. The purpose is not to provide turnkey solutions to specific problems but to give entry points that could be used in multiple situations.

Keywords

Challenge, reverse engineering, pentest, cryptography, development, steganography, forensic.

Prerequisite

This course will use knowledge built throughout the year (reverse engineering, pentesting, cryptography, etc.) but their mastery is not compulsory. The main skills that are required, however, is to be curious, tenacious and motivated.

Bibliography

  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, by Bruce Dang, Alexandre Gazet and Elias Bachaalany, 2014
  • Serious Cryptography: A Practical Introduction to Modern Encryption, by Jean-Philippe Aumasson, 2017
  • Modern Operating Systems (4th edition), by Andrew S. Tanenbaum, 2014
  • SSTIC Challenge Solutions

Teaching team biography

Gabrielle Viala and Thierry Doré are senior reverse engineers and vulnerability researchers at Quarkslab. Their main topic of interest is reversing the Windows internals and low-level components. Before Quarkslab, they respectively worked as pentester and malware analysts for companies such as Orange and Lexsi.

This site uses cookies to improve your user experience and to achieve audience statistics.
I acceptI refuseKnow more