{"id":17183355,"url":"https://github.com/teodutu/sis","last_synced_at":"2025-03-25T02:39:00.367Z","repository":{"id":121179159,"uuid":"412409661","full_name":"teodutu/SIS","owner":"teodutu","description":"Security of Information Systems - UPB 2021-2022","archived":false,"fork":false,"pushed_at":"2021-12-15T13:30:33.000Z","size":1054,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-30T03:42:31.689Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/teodutu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-01T09:43:20.000Z","updated_at":"2024-12-09T23:26:34.000Z","dependencies_parsed_at":"2024-06-12T01:46:59.168Z","dependency_job_id":null,"html_url":"https://github.com/teodutu/SIS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teodutu%2FSIS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teodutu%2FSIS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teodutu%2FSIS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teodutu%2FSIS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/teodutu","download_url":"https://codeload.github.com/teodutu/SIS/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245388255,"owners_count":20607146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T00:40:21.050Z","updated_at":"2025-03-25T02:39:00.350Z","avatar_url":"https://github.com/teodutu.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SIS\n[Security of Information Systems](http://elf.cs.pub.ro/sis) - UPB 2021-2022\n\n\n\n## Labs\n### Lab 1 - Introduction\nGeneric exploration tasks.\nOne takeaway from [task 4](http://elf.cs.pub.ro/sis/sessions/01-intro-systems-security.html#tasks) was that an often overlooked security mechanism in Linux is called [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html).\nThere are 2 interesting commands:\n- `setcap`\n- `getcap`\n\n\n### Lab 2 - Authentication\n#### Task 1 - Breaking Hashes\nThis task showcases a few ways to break `sha256` hashes of passwords:\n- dictionary attacks\n- brute force\n- substitution\n- punctuation\n\nBut they all rely on some sort of exhaustive search through a list of possible hashes.\n\nOn top of these, there is also a bit of social engineering in task `h`.\n\nTask 4 is your typical side-channel attack, whereby a password checking app iterates through it in plaintext and returns as soon at the first incorrect byte.\n\n\n### Lab 3 - Application Exploit\n4 typical SSS beginner-level exploiting tasks. The only rather notable taks is\n[task 3.c](./Labs/Lab3/ret-to-libc/exploit.py) where a simple 1-stage\nret-to-libc exploit is performed. Only 1 stage is necessary as ASLR is turned \noff, so the address of `libc` can be found by simply running `ldd`.\n\n\n### Lab 4 - Web Exploit\nA few simple web exploiting tasks, which showcase the usage of:\n- [dirb](https://sourceforge.net/projects/dirb/)\n- unsanitised user inputs\n- sql injection\n- query parameter exploitation\n\n\n### Lab 5 - DEP \u0026 ASLR\nASLR is bypassed by ret-to-plt.\nDEP is bypased by ret-to-libc.\n\n\n### Lab 6 - ROP \u0026 DOP\nThe ROP tasks are classics.\nThe DOP task is bullshit.\nThe vulnerable program is an interpreter that can be made to print any 6-digit string.\nIt's all about computing offsets.\nBoring.\n\n\n### Lab 7 - App Confinement\nA weird lab about [AppArmor](https://apparmor.net/), `chroot` and `secoomp`.\nNot much is of interest.\n\n\n### Lab 8 - System Isolation\nCracking `chroot`, VMs and other bullshit.\nUninteresting.\n\n\n### Lab 9 - Code Analysis\nThis lab has us investigate a bunch of code bases in order to discover bugs.\nSome static analysis tools like `cppcheck`, `flawfinder` and `clang-tidy` are also explored.\n\n\n\n## Homework\n### Assignment 1\nSome rather boring challenges.\nThe most interesting of them is [`injection`](Homework/Assignment-1/injection).\nIt can be solved in a simpler way, but I chose to pivot the stack in order to make room for the shellcode.\n\n\n### Assignment 2\nSome more annoying misc and forensics challenges.\nThe more interesting one is probably [`no_room`](./Homework/Assignment/no_room).\nThe reason it's interesting is because it requires pivoting the stack onto the `.data` section because the stack buffer is not large enough.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fteodutu%2Fsis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fteodutu%2Fsis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fteodutu%2Fsis/lists"}