Descriptif
As anybody, familiar with 1970s sitcoms can confirm, Mel, the cook on Alice used to say:
“the best defence is a good offence”.
In cybersecurity, a similar saying would be that in order to know how to secure something, one needs first to know how to compromise & break it.
This MODAL will exercise exactly that. Through a set of lessons, tutorials, and challenges, we will understand — and try out — how to “break things”. This may include topics such as:
- TCP Connection Hi-jacking & SYN flooding
- SQL Injection attacks on WWW servers
- Heartbleed - that SSL-bug that caused the whole Internet to flip out
- DNS Cache Poisoning
- ...
We will also call on outside experts, to present their experiences, favourite attacks, and possible countermeasures.
The practical part of this course consists of a set of tutorials and a set of challenges.
- Tutorials: are optional, and serve to help students who need them acquire a certain set of skills. Each tutorial requires a submission of some code, which will be evaluated, and a grade (0-5) will be awarded.
- Challenges: each represent "a thing to hack", such as DNS, or TCP, or DHCP, or invoking a buffer overflow, or performing a man-in-the-middle attack, or ... Challenges will each have an explanation, and supporting material, for what is expected - but will require independent thinking. Each challenge requires a submission of some code, which will be evaluated, and a grade (0-10) will be awarded. Note that a code submission which "does the job, nothing more, nothing less" will be graded 5. Grades in the interval (5-10) reflect an additional effort, such as highly modular code, flexible, robust, or supporting different attack approaches.
You're encouraged to work in a small group of 1-2 students for each challenge.
You will chose to work on challenges in whichever order you like, and you will do however many you want - or, need, in order to get enough points to pass the course.
Prerequisites:
INF321 or INF311+INF411
(Having followed INF421 and/or INF431 probably won't harm you irrevocably)
effectifs minimal / maximal:
/48Diplôme(s) concerné(s)
Parcours de rattachement
Pour les étudiants du diplôme Echanges PEI
INF321 or INF311+INF411 (Having followed INF421 and/or INF431 probably won't harm you irrevocably)
Format des notes
Numérique sur 20Littérale/grade réduitPour les étudiants du diplôme Echanges PEI
Le rattrapage est autorisé (Note de rattrapage conservée)- Crédits ECTS acquis : 6 ECTS
Le coefficient de l'UE est : 13
La note obtenue rentre dans le calcul de votre GPA.
La note obtenue est classante.
Pour les étudiants du diplôme Titre d’Ingénieur diplômé de l’École polytechnique
Le rattrapage est autorisé (Note de rattrapage conservée)- Crédits ECTS acquis : 6 ECTS
Le coefficient de l'UE est : 13
La note obtenue rentre dans le calcul de votre GPA.
La note obtenue est classante.