Projects
For the final project you should form a group of two or three people
and complete a project related to computer security. Before you get
started, you must send a one-paragraph project proposal to the
instructor for approval. You should
prepare a written report of approximately ten pages in length, and
turn in any code or other artifacts that you produce. On the last day
of class, volunteers will present their projects.
Examples of Previous Projects
- Attacking your home router
Performed and documented attacks against a home router, including a
SYN flood attack, an evil twin attack, and a brute-force password
cracking attack. Also surveyed graduate students to determine what
percentage had ever changed their router's password from its default
value. Discovered default passwords in use in coffee shops.
- Spoofing a DHCP server
Implemented an ARP cache poisoning attack to redirect traffic to the
wrong MAC address. Also set up a fake DHCP server that directed
clients to a bogus resolving DNS server.
- Building a vulnerable web site
Created a web site with various vulnerabilities built in, including
using a weak password to protect the site, using weak encryption,
an XSS vulnerability, and hidden but guessable URLs.
- Assessing a web site's vulnerabilities
Used an automated penetration tool to discover vulnerabilities in a
purposely vulnerable web site. Demonstrated attacks such as
session hijacking and executing bash commands on the web server.
- Return to libc
Implemented the return-to-libc stack-smashing attack after turning off
canaries and address-space layout randomization.
- Bluetooth vulnerabilities
Showed how to exploit the "Blueborne" collection of Bluetooth
vulnerabilities in Android devices, including a return-to-libc
attack that succeeds even in the face of address-space layout randomization. Also applied the Metasploit
penetration testing tool to Android devices.