Attack Presentations

For the first 10-15 minutes of most classes, student groups will present attacks that are relevant to that lecture (for example, when discussing user authentication, the group may present techniques for cracking CAPTCHAs).

Note: All attacks must be performed in an ethical, safe manner; please see the discussion of legality and ethics in the syllabus.

For the presentation:

  • Describe the relevant background for the attack.
  • Demonstrate the attack live, or else show enough data/information for it to be clear that the attack has been launched.
  • Describe how this attack could be defended against.
  • Describe the challenges you faced and insights you gleaned from the attack.

| Date | Attack | Attacker | Description |
|------|--------|----------|-------------|
| 8/29 | | | |
| 8/31 | | | |
| 9/5 | | | |
| 9/7 | | | |
| 9/12 | TLS information leakage | TBD | Demonstrate the BEAST, CRIME, or Lucky 13 attacks against TLS. |
| 9/14 | | | |
| 9/19 | Certificate mis-validation | TBD | Demonstrate two examples of incorrect validation of a certificate with a modern browser of your choosing, such as not checking for revocations or the various attacks listed here. |
| 9/21 | Traffic deanonymization | TBD | Demonstrate a traffic deanonymization attack on Tor, like the one described here. |
| 9/26 | Data deanonymization | TBD | Apply a deanonymization technique like the one here to the Netflix challenge dataset and demonstrate what information you can extract. |
| 9/28 | On-path censorship and evasion | TBD | Set up a (virtual) network with an "on-path" censor who can observe and inject (but not block) packets, and use this censor to respond with lemon DNS queries like here, or tear down connections like here. Demonstrate an evasion technique. |
| 10/3 | On-path censorship and evasion | TBD | Set up a (virtual) network with an "on-path" censor who can observe and inject (but not block) packets, and use this censor to respond with lemon DNS queries like here, or tear down connections like here. Demonstrate an evasion technique. |
| 10/5 | Language detection on encrypted voice calls | TBD | Determine what language is being spoken via an encrypted VoIP call (e.g., Skype, Zoom, Google Meet) by measuring packet sizes, like in this paper. |
| 10/10 | Breaking CAPTCHAs | TBD | Implement a tool that automatically solves CAPTCHAs, such as the attack on text-based ones described here and/or the one on audio-based ones described here. Demonstrate its use on an Alexa top-1000 site. |
| 10/12 | TBD | | |
| 10/17 | TBD | | |
| 10/19 | TBD | | |
| 10/24 | Control flow attacks | TBD | Demonstrate a modern control flow attack against modern defenses such as DEP, ASLR, and Canaries. |
| 10/26 | Automated exploit generation | TBD | Implement techniques like those from EXE or AEG to automatically generate attack inputs for toy examples of code, with varying degrees of complexity. |
| 10/31 | TBD | | |
| 11/2 | Kernel-level rootkit | TBD | Launch a kernel rootkit that hides from detection. |
| 11/7 | Cracking passwords | TBD | Obtain a publicly available dataset of password hashes and implement rainbow tables to crack the passwords. |
| 11/9 | TBD | | |
| 11/14 | Off-path TCP attack | TBD | Demonstrate an off-path TCP inference attack and use it to inject data and to reset the connection. Example side-channels include WiFi's exponential backoff and the global rate limit. |
| 11/16 | Opt-ACK attack | TBD | Demonstrate the optimistic acknowledgment attack on a small cluster of (possibly simulated, e.g., via ns3) machines. Perform this across a wide-area network and discuss the rates you can achieve. |
| 11/21 | Kaminsky | TBD | Demonstrate the Kaminsky DNS cache poisoning attack on a dummy DNS server you run. |
| 11/23 | | | |
| 11/28 | VPN fingerprinting attack | TBD | Launch a VPN fingerprinting attack against OpenVPN as described here. |
| 11/30 | | | |
| 12/5 | | | |
| 12/7 | | | |
