Posted on : 12-10-2008 | By : Elie Bursztein | In : Exercise, Teaching
This tutorial session (TD) aims to teach the mechanisms of information gathering and synthesis through a practical exercise that relies on the students' autonomy and analytical ability.
Since competitive intelligence is tied to current events, it seemed relevant, in this period of financial crisis, to focus on the financial sector.
The goal of the session is therefore the collection, analysis, synthesis and presentation of data about the innovation and marketing strategies of banking groups.
The assignment (PDF)
Posted on : 17-08-2008 | By : Elie Bursztein | In : Article, Publications
Accepted at ATVA 2008 (Automated Technology for Verification and Analysis), Seoul, Korea
NetQi is a freely available model-checker designed to analyze network incidents such as intrusions. The tool is an implementation of the anticipation game framework, a variant of timed games tailored to network analysis.
The main purpose of NetQi is to find, given an initial network state and a set of rules, the best strategy that fulfills the player's objectives, by model-checking the anticipation game and comparing the outcome of each play that satisfies the strategy constraints. For instance, it can be used to find the best patching strategy.
NetQi has been successfully used to analyze service failures due to hardware, network intrusions, worms, and multi-site intrusion defense cooperation.
Full article (PDF)
Posted on : 12-06-2008 | By : Elie Bursztein | In : Photos
Photos taken while attending the 1st MITACS workshop to present NetQi.
Posted on : 28-05-2008 | By : Elie Bursztein | In : Software
Apsm is a desktop application that gathers Apache status mod data to plot charts and compute statistics. Its goal is to help you analyze how the load of your HTTP servers evolves in real time. It is written in Java, so it should run on every OS.
Download it from Google Code
While fully functional, this is a very early release: I have spent only a day coding it. I will put more effort into it if I see that it fulfills a need, so do not hesitate to provide your feedback.
As far as I know, this is the first software that uses the Apache status mod to make charts.
Here are some screenshots, if you want to see what it looks like before using it:
Posted on : 20-05-2008 | By : Elie Bursztein | In : Photos
Photos taken while I was attending the WISTP conference in Sevilla.
Posted on : 20-05-2008 | By : Elie Bursztein | In : Article, Publications
Published at WISTP 2008 and Awarded Best Paper
With the growing use of protocol obfuscation techniques, protocol identification for QoS enforcement, traffic prohibition, and intrusion detection has become a complex task. This paper addresses the issue with a probabilistic identification analysis that combines multiple advanced identification techniques and returns an ordered list of probable protocols. It combines a payload analysis with a classifier based on several discriminators, including packet entropy and size.
We show with its implementation that it overcomes the limitations of traditional port-based protocol identification when dealing with hard-to-classify protocols such as peer-to-peer protocols. We also detail how it deals with tunneled sessions and covert channels.
Author Version (PDF)
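As an added illustration of the approach described above (example code written for this page, not the paper's implementation), a toy probabilistic identifier: each candidate protocol receives a likelihood from a payload signature, the payload entropy and the packet size, and the normalised product yields the ordered list of probable protocols. The profiles, their ranges and the sample payloads are assumed and constructed here, not taken from the paper.

```python
import math
import re
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4-5 for text, close to 8 for encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

# Assumed per-protocol profiles: a payload signature plus the entropy and size ranges a trained
# classifier would hold for that protocol. The last profile catches traffic with no known signature.
PROFILES = {
    "http": {"sig": rb"^(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n", "ent": (3.0, 6.0), "size": (16, 4096)},
    "tls": {"sig": rb"^\x16\x03[\x00-\x03]", "ent": (6.0, 8.0), "size": (40, 16384)},
    "bittorrent": {"sig": rb"^\x13BitTorrent protocol", "ent": (4.0, 8.0), "size": (68, 68)},
    "unknown-encrypted": {"sig": None, "ent": (7.0, 8.0), "size": (1, 65535)},
}

def entropy_likelihood(h: float, lo: float, hi: float) -> float:
    """1.0 inside the learned range, decaying with the distance outside it (floor 0.05)."""
    return 1.0 if lo <= h <= hi else max(0.05, 1.0 - min(abs(h - lo), abs(h - hi)))

def identify(payload: bytes) -> list:
    """Return (protocol, probability) pairs ordered by probability. Each discriminator yields a
    likelihood; their product is normalised over all profiles, so a hard case still gets a ranked
    answer instead of a flat 'unknown'."""
    h, n, scores = entropy(payload), len(payload), {}
    for name, p in PROFILES.items():
        sig = 0.5 if p["sig"] is None else (1.0 if re.search(p["sig"], payload) else 0.1)
        size = 1.0 if p["size"][0] <= n <= p["size"][1] else 0.2
        scores[name] = sig * entropy_likelihood(h, *p["ent"]) * size
    total = sum(scores.values())
    return sorted(((k, round(v / total, 3)) for k, v in scores.items()), key=lambda kv: -kv[1])

# Constructed sample payloads (not from the paper's data set).
HTTP_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/7.0\r\n\r\n"
_NOISE = bytes((i * 37 + 11) % 256 for i in range(200))  # deterministic, random-looking bytes
TLS_SAMPLE = b"\x16\x03\x01\x00\x80" + _NOISE[:128]      # TLS record header + 128 "encrypted" bytes
OBFUSCATED_SAMPLE = _NOISE                                # no signature at all: obfuscated or tunneled

if __name__ == "__main__":
    for label, sample in (("http", HTTP_SAMPLE), ("tls", TLS_SAMPLE), ("obfuscated", OBFUSCATED_SAMPLE)):
        print(label, identify(sample)[:2])
```

A port-only classifier would label the obfuscated sample by whatever port it used; here the entropy and size discriminators still rank it as probably encrypted, with TLS as the runner-up, which is the kind of ordered answer an IDS or QoS policy can act on.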
Posted on : 19-03-2008 | By : Elie Bursztein | In : Software
This is a sort of code think tank. I put here all the code ideas and improvements that I haven't had time to do but wish I could. One day I might code them; of course, if you are interested in one of those ideas, I will be happy to discuss it with you.
RSS aggregator – re-seeder
Create a server-side aggregator that fetches a list of RSS feeds and re-seeds them as one aggregated feed. Gregarius seems a strong base to start from, but many features are missing. The most important are:
- Duplicate removal: when a news item is re-seeded in multiple feeds, it should be removed, or better, an importance counter can be incremented
- Smart feeds based on keywords/regexps should be implemented
- Tag browsing
- Post clustering to group near-duplicates
- Related articles
Windows HIDS
One security issue with high-level interfaces such as the Windows GUI is that you are completely unaware of what is going on at the network level. Therefore the idea is to use the Windows Filtering Platform to gather low-level information that is useful to know how the computer interacts with the network. Here is a list of some information that appears useful:
- Which process sends data to the network
- Is the data sent encrypted?
- Alert when a station joins or leaves the network (especially when dealing with a Wi-Fi network)
- Who is your DHCP server?
- Which computer shares are available on the network (Windows, iTunes, OS X)
Ideally the application would be displayed as a red/green dot in the status bar.
Posted on : 15-02-2008 | By : Elie Bursztein | In : Exercise
The traceroute tool is one of the basic tools used for network troubleshooting. It has been available since the early days of the network. Still, because it is based on TTL header modification and ICMP messages, it is not straightforward to understand and implement. The goal of this exercise is to re-implement this utility and add additional techniques to it.
This will allow students to understand the notions of packet injection and packet sniffing. It also gives the opportunity to play with more subtle things such as
network latency, packet filtering and QoS, because the main goal is to have a tool that adapts its behavior according to the behavior of routers and packet filters.
The exercise v0.2 (PDF)
Protocol header structures (.h)
Portable types for C code (.h)
A good book that details how libnet and libpcap can be used is:

Building Open Source Network Security Tools: Components and Techniques
(The author of the book is also the author of libnet)
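As an added example for the exercise (written for this page, not the exercise's own code or header files): the part of a traceroute implementation that matches a sniffed ICMP error back to the UDP probe that caused it, validating the ICMP checksum and recovering the hop number from the quoted destination port. The probe port scheme (base_port + ttl - 1) and the sample packet built by build_icmp_quote are assumptions of this example, not taken from the assignment.

```python
import struct
from typing import Optional

def in_cksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_reply(pkt: bytes, base_port: int) -> Optional[dict]:
    """Match a sniffed ICMP Time Exceeded (11/0) or Port Unreachable (3/3) to one of our UDP probes.
    Probes go to base_port + (ttl - 1), so the UDP dst port quoted inside the ICMP error recovers
    the hop number. Anything else (non-ICMP, bad checksum, foreign port) is ignored rather than trusted."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    if len(icmp) < 8 or in_cksum(icmp) != 0:       # truncated, corrupted or forged reply
        return None
    itype, icode = icmp[0], icmp[1]
    if (itype, icode) not in ((11, 0), (3, 3)):
        return None
    inner = icmp[8:]                                 # quoted original datagram: IP header + 8 bytes of UDP
    if len(inner) < 20 or inner[9] != 17:
        return None
    iihl = (inner[0] & 0x0F) * 4
    if len(inner) < iihl + 8:
        return None
    dport = struct.unpack("!H", inner[iihl + 2:iihl + 4])[0]
    if not base_port <= dport < base_port + 64:     # not one of our probes
        return None
    return {"router": ".".join(str(b) for b in pkt[12:16]), "type": itype, "code": icode,
            "hop": dport - base_port + 1, "reached": itype == 3}

def build_icmp_quote(router: str, src: str, dst: str, dport: int, itype: int = 11, icode: int = 0) -> bytes:
    """Constructed reply from `router` quoting our probe src -> dst:dport (sample data, not a capture)."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0, ip4(src), ip4(dst))
    quoted += struct.pack("!HHHH", 40000, dport, 8, 0)
    body = struct.pack("!BBHI", itype, icode, 0, 0) + quoted
    body = body[:2] + struct.pack("!H", in_cksum(body)) + body[4:]   # fill in the ICMP checksum
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 1, 0, ip4(router), ip4(src))
    return outer + body

if __name__ == "__main__":
    pkt = build_icmp_quote("10.0.0.1", "192.168.1.10", "203.0.113.5", 33437)
    print(parse_icmp_reply(pkt, 33434))
```

Rejecting replies whose checksum or quoted port does not match is what keeps the hop table honest when a filter drops probes or a host on the path answers with unrelated ICMP traffic.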
Posted on : 01-02-2008 | By : Elie Bursztein | In : Exercise
This tutorial session (TD) aims to teach the mechanisms of information gathering and synthesis through a practical exercise that relies on the students' autonomy and analytical ability. The goal of the session is the collection, analysis, synthesis and presentation of data about the innovation and marketing strategies of software companies.
The assignment (PDF)
Round 1 results
Following the votes held after round 1, the following ranking was established. Scores were normalised to 100. The following scale was used to compute the scores:
- 10 pts for a 1st place
- 8 pts for a 2nd place
- 6 pts for a 3rd place
- 5 pts for a 4th place
- 4 pts for a 5th place
Each person voted for at most 5 groups and could not vote for their own group. Congratulations to team Google, which wins the first round.

Posted on : 19-01-2008 | By : Elie Bursztein | In : Exercise, Teaching
This tutorial session helps you better understand the security problems related to program memory and the nature of "exploits". It approaches them by having you build an exploit for a program that suffers from a memory overflow (buffer overflow). This type of bug is the most common and accounts for nearly 80% of current vulnerabilities.
The first article explaining how to hijack a memory bug in order to exploit it is due to Aleph One in Phrack 49. It is called "Smashing the Stack for Fun and Profit". The method proposed in the lab is to use a shellcode. Other methods exist, such as return-into-libc, but they are less accessible. There are many types of buffer overflows: off-by-one, heap overflow, double free, ...
TD Smashing the stack for understanding and learning (PDF)