EECS 388 - Intro to Computer Security

This class, in which I earned an A+, covered a range of cybersecurity topics. It taught me basic vulnerability exploitation and mitigation, and was focused on the following five subject areas.

Cryptography

At the start of this class, we learned about various cryptography standards, the principles they operated on, and what makes them vulnerable to attack. We then implemented a length extension attack against a message whose MAC was generated with a standard hash instead of an HMAC, which allowed us to modify an API call to execute arbitrary functionality. This mirrored a real-world vulnerability discovered in Flickr's code. After that, I created a hash collision in MD5 and built a program to solve Vigenère ciphers with classical cryptanalysis, both of which introduced valuable concepts.

For part 2 of the project, I first created a program to forge an RSA signature with Bleichenbacher’s attack. This attack, which relies on improper data validation by a server, allows an attacker to make a short message appear as though it were signed by a given private key even when only the public key is known. Following that, I made a program which used a padding oracle attack to decode ciphertext encrypted with AES in cipher block chaining mode.

Web Security

In this unit, I learned to exploit and mitigate SQL injection, stored and reflected XSS, and cross-site request forgery vulnerabilities. With these skills, I implemented projects that utilized a mixture of SQL, HTML, and JavaScript with jQuery to exploit these vulnerabilities on target pages. Lastly, I performed a case study cataloguing the vulnerabilities of a sample website provided by course administrators, and drafted a report on how to improve its security.

Networking

With the skills I've gained on this subject, I implemented a MITM program in Go which intercepts a client DNS request for 'bank.com', responds with its own address, and impersonates the client in communication with the bank. The MITM then redirects all transfers towards an attacker-controlled bank account and modifies the bank's responses to mask that any interference is occurring.

I additionally created a trace analyzer which identifies SYN scanning and ARP spoofing attacks when given a PCAP file, and performed manual analysis of another trace to identify the location where it was taken, the devices involved, and various other characteristics of network activity at the time.
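As an added illustration (not the course's assignment code or the analyzer described above), the following Python applies the two detection heuristics to a constructed trace: an IP whose ARP replies come from more than one MAC, and a source that sends bare SYNs to many ports on one host without ever completing a handshake. The record format, the half-open heuristic and the port threshold are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample trace standing in for the records a PCAP parser would yield.
# ARP records: which MAC a reply claims owns an IP; TCP records: one segment's flags.
SAMPLE_TRACE = [
    {"proto": "arp", "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "aa:aa:aa:aa:aa:aa"},
    {"proto": "arp", "op": "reply", "sender_ip": "10.0.0.5", "sender_mac": "cc:cc:cc:cc:cc:cc"},
    {"proto": "tcp", "src": "10.0.0.7", "dst": "10.0.0.5", "dport": 80, "flags": "S"},
    {"proto": "tcp", "src": "10.0.0.7", "dst": "10.0.0.5", "dport": 80, "flags": "A"},
    {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.5", "dport": 22, "flags": "S"},
    {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.5", "dport": 80, "flags": "S"},
    {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.5", "dport": 443, "flags": "S"},
    {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.5", "dport": 8080, "flags": "S"},
    # The same IP now answers from a second MAC: the signature of a poisoned ARP cache.
    {"proto": "arp", "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "bb:bb:bb:bb:bb:bb"},
]


def detect_arp_spoofing(packets):
    """Return {ip: [macs]} for every IP that ARP replies attributed to more than one MAC."""
    claims = defaultdict(set)
    for p in packets:
        if p["proto"] == "arp" and p["op"] == "reply":
            claims[p["sender_ip"]].add(p["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def detect_syn_scans(packets, min_ports=3):
    """Return {(src, dst): [ports]} where src sent bare SYNs to at least min_ports
    distinct ports on dst and never sent the ACK that completes a handshake.
    The threshold and the half-open heuristic are this example's assumptions."""
    syns = defaultdict(set)  # (src, dst) -> ports that received a SYN from src
    acks = defaultdict(set)  # (src, dst) -> ports where src later sent an ACK
    for p in packets:
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p["dst"])
        if p["flags"] == "S":
            syns[key].add(p["dport"])
        elif p["flags"] == "A":
            acks[key].add(p["dport"])
    findings = {}
    for key, ports in syns.items():
        half_open = ports - acks[key]  # SYNs with no completing ACK from the same source
        if len(half_open) >= min_ports:
            findings[key] = sorted(half_open)
    return findings
```

The legitimate client 10.0.0.7 completes its handshake to port 80 and is not reported, while 10.0.0.9's four unanswered SYNs and 10.0.0.1's second MAC are.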

Application Security

Utilizing tools like gdb and ROPgadget, I manually constructed inputs which would induce buffer overflows. I tailored these inputs to accomplish various objectives, from redirecting execution without errors to spawning a root shell that could be arbitrarily exploited by the attacker. In addition, I designed the attacks to evade common defense mechanisms like DEP and ASLR. In the process, I gained the skills necessary both to avoid introducing these vulnerabilities in my own code and to recognize and fix them where they exist in the code of others.

Digital Forensics

For this unit, we were given a copy of a computer system's memory, and told to discover whether the previous owner was involved in carrying out a cyberattack. Utilizing a mix of live and dead analysis, we were able to crack a series of password-protected folders, reconstruct deleted files, and discover and hack, with prior authorization, a number of external accounts owned by the individual in question. At the end of the project, we presented a report summarizing our findings, and my report earned a perfect score.