Hi All,
Congratulations on finishing the COMP6447 exam. Hopefully you all found the course fun and rewarding. You can now discuss details of the exam freely as everyone has completed the exam. Solutions are available here: https://github.com/secedu/comp6447-exam-solutions .
If you have a few spare minutes, could you please fill out this survey so we can improve the course next year. We take this feedback seriously and onboard in future iterations of the course and we sincerely appreciate any feedback: https://goo.gl/forms/I43eNolejAhfDQV73
If you're concerned about your performance of the exam, do not fret, we will consider the difficulty of the exam in marking.
We will release more information about a supplementary exam at a later date.
If you have any other formal questions, please let us know.
Thanks,
Sean
Hey guys,
Before arriving, please make sure you read all the exam instructions carefully here http://exam.6447.sec.edu.au/ . The exam will commence at 9.00am so please try arrive at least 15 minutes before the exam begins. Please remember to bring your ID card.
The exam page has been updated with a link to the encrypted exam files. You may download this file in preparation for tomorrow. The password to the file will be released at the beginning of the exam. Please ensure you understand how to decrypt the exam files using the practice binaries.
The website has also been updated with details about the VM which will be available for you to use during the exam. Just a reminder that you may choose to use your own laptop for the exam or the provided VM, or both.
If you have downloaded the exam files within the last few hours, there has been an update to the instructions file inside the tarball and this has been mirrored on the exam website. We suggest you download the exam file again if you have already done so before this announcement.
Also, just a reminder that the exam has a strict no communication rule. Please close all communication applications on your device and do not have them open for the duration of the exam. If we see any communication on your screen, you may receive 0 for the exam.
You may need to do a hard refresh to see these changes on the exam website.
I will see you tomorrow at the exam. Sleep well.
Tek
https://exam.6447.sec.edu.au/ Please check your seat allocations. I will try and answer any questions you have on slack (and will update the page with a FAQ as well). If you need special considerations, please contact us ASAP. You may need to get special considerations from Student Services if requesting special considerations.
Hello!
A friendly reminder to please hop on and do your myExperience survey. We actually look at this data and make changes to our courses.
Last semester, we received lots of really constructive feedback for COMP6443 Web Apps and we will be implementing all of the suggestions made. We really value what you guys have to say and we do our best to deliver quality content to you.
So please, tell us all your thoughts and feelings! And if it doesn't fit into the framework of the survey, send us an email or let's get a coffee!
Thank you!
Nina
PS. Do the survey!
Hey guise,
Week 12 Lecture screen captures have been uploaded.
Tek
Hi All,
Tonight's lecture is going ahead as scheduled. We have the one and only Mr Brinnles coming in and talking about monitor hacking. This content isn't assessable, but is definitely very interesting and shows practically how your exploitation and reversing skills can be put to "good" use.
Sean
Hey guize,
I've increase the submission size limit from 10MB to 30MB. If you require even more, ping me on slack.
Tekky
Due to more unforeseen circumstances, We won't be able to have Petr lecture this coming monday. Instead, we will be going over exam layout and doing revision. Please fill out this quick survey on what topics you would like to cover for revision. https://docs.google.com/forms/d/e/1FAIpQLSd68IieU4SOiaTOn6baVXOVeHlsuf73IGgw5ABWTeGlEOuRQw/viewform?usp=sf_link
Also, MyExperience surveys have been released. Could you please take the time to fill this in so we can improve the course for next year?
--Sean
Apologies for the late notice. Due to unforeseen circumstances, Oliver is unable to make the lecture today, as such the lecture today (8/10/2018) is cancelled.
Please enjoy your Monday night.
Hey guys,
Just a friendly reminder that tonight we have a lecture by Ben Faull who we flew over from the US. He will be giving an overview of Windows Security focusing on memory corruption, discussing window sandboxing and sandbox escapes.
This lecture will be held in Rupert Myers Theatre . The lecture will be recorded and available somewhat soon after the lecture as we know some of you have clashes with this time slot. Details are as follows:
New Date : Wednesday 3rd October 2018
New Location : Rupert Myers Theatre
Time : 6:00pm
Hope to seee you there!
Tek
Greetings aspiring hackers,
You may now download all the submitted midpoint rootkit writeups here:
https://webcms3.cse.unsw.edu.au/COMP6447/18s2/resources/21207
Other notices:
Your lecture feedback will be much appreciated.
Tek
Hey guise,
Just a friendly reminder that there will be a lecture on
memecraft
attacking cryptography
today
by Norman Yue. Please come join us. It will be
fun
. The contents of this lecture are not assessable, not recorded and "should be damn interesting" as quoted from Nina. Hope to see you there!
Date : Monday 24th September 2018
Location Ainsworth 202
Time : 6:00pm
Additional details have been released regarding how the rootkits will be tested, along with a sample rootkit.tar to help you get started. Let me know if further clarification is needed.
--tjp
Hey guys,
I've made a mistake while doing the give specifications. This means you will have an extra day to complete your wargames 3.
I am so sorry about this mistake.
Tek
Hi guys,
On the 1st of October, there is a public holiday (Yay!). Because of this, we will be moving the Monday 6pm lecture to Wednesday 6pm . This lecture will be held in Rupert Myers Theatre . The lecture will be recorded and available somewhat soon after the lecture as we know some of you have clashes with this time slot. Details are as follows:
New Date : Wednesday 3rd October 2018
New Location : Rupert Myers Theatre
Time : 6:00pm
Also, there will also be an optional lecture during the midsem break by our beloved Norman Yue . I'm not one to hype things up but I think it will be lots of fun and jammed pack with cyber excellence. I've heard it my be how to haq memecraft but we don't actually know at this point in time [ EDIT : Norman will be talking about attacking cryptography]. This lecture will be held on the following date time and location:
Date : Monday 24th September 2018
Location Ainsworth 202
Time : 6:00pm
Finally, next week Monday (week 9) we have Cramby (aka John Cramb) doing a lecture on Malware. John Cramb is one of our OG 9447 students and has sick hacking skillz.
See you in class, (maybe)
Tek
Hey guys,
Wargame 4 has been released and contains 3 heap challenges. Also, just a friendly reminder that Glenny McDreamy will be doing a seminar on heap tonight to help introduce you to heap exploitation. We hope to upload the seminar recording a day or 2 after the seminar in the case you can't attend.
Link to wargame 4: https://webcms3.cse.unsw.edu.au/COMP6447/18s2/resources/21000
Seminar is at the usual time and location:
Time : 6:00pm
Location : Ainsworth G01
Date : Wednesday 12 September 2018
Hope to see you there and good luck with the wargames
Tek
Hey Team,
Apologies for the delay on this one, I hope it's still fresh in your minds!
Silvio would love to hear your feedback on his lecture, he is actually a lecturer down at UNSW Canberra and teaches loads of cyber security courses down there. If you're keen for us to get Silvio up more often for some workshops or short courses, please let us know!
https://docs.google.com/forms/d/1X8kGrKSuARPsgZXt5...
As always, appreciate your feedback, this is one of our best ways of gauging what you guys want and how we are doing. So thanks!!!
Nina
Hey guys,
Ruben does a lot of presentations but does not usually get feedback from them. It would really help him if you guys could spare a minute or 2 and complete a survey on last nights lecture.
https://docs.google.com/forms/d/e/1FAIpQLSeNPHk4fk...
Thanks heaps!
Tek
Hey guys,
We will be running Speed Dating in the seclab from 4pm to 6pm. This is the room on K17 ground floor with the RGB lighting, next to the male toilets, has glass walls and has secedu branding all over it.
There will be cordial, nibbles, questionable music and at least 1 person you can talk to (tek).
Pre-drinks will start when tek arrives with the cordial.
I will be providing a list of zIDs of people to each participant so you can discretely indicate your preferences. You will also be required to wear a name tag with your zID which I will provide for you to write on. At the end, you will give your preferences back to me and I will play match maker, contacting you with your perfect matches. You may still submit a team of 4 if you happen to be able to form one.
You may join in on the fun even if you have a team. We would like you to get to know your peers better and make new friends.
Some ice breakers:
Banned questions:
I really hope that all of you that attend will have a great time networking with your peers.
I am currently watching this video and adapting it to our needs.
<iframe width="500" height="281" src="//www.youtube.com/embed/kdngutnYjcY" frameborder="0" allowfullscreen=""></iframe>
https://cloudstor.aarnet.edu.au/plus/s/tjrSUTHLA1v...
The spec has been updated with the download link to the VM containing the FreeBSD installation that you will be building your rootkits for.
Hey guys,
This is just a friendly reminder that gleminem will be doing a seminar on ROP tonight.
Date : Sep 5 2018
Location : Ainsworth G01
Time : 6:00pm
You are encouraged to come and join in on the fun. The seminar will be recorded and we will try to get it uploaded on Thursday or Friday. After Glenn does his talk, you will be able to ask questions and maybe get hints and tips on solving your Wargame 3.
Hey guys, remember that you should register your groups at https://goo.gl/forms/kx0q82ZP8WPYeAW72 by the end of Wednesday.
You may group up with anyone currently officially enrolled in the course.
If you don't have a group by then, there will be a speed dating session at 4pm Thursday (6/9/18) in the seclab to help you find your perfect group.
You may view the registered groups here https://docs.google.com/spreadsheets/d/1I2mWLsmjt4... . There is conditional formatting to highlight duplicate entries.
Challenges misc-1 and misc-2 have been updated to fix an unintended solution, and their flags have been changed. If you've already solved them, make sure your solution still works and that you've got the updated flag (you can check
the scoreboard)
Note that their address has also changed to misc.6447.sec.edu.au:[8005:8006]
--tjp
Hey team!
If you attended Monday's lecture, please fill out the following survey
https://goo.gl/forms/onKQjZLQcBBdIIit2
TY!
Nina
Hey guys, the tutes today are in Oud as there are renovations in the sec lab.
Wargame 3 has been released
Wargame 1 has been marked.
If you have questions about your marks, please send them to the class account.
Tek
Hey guys,
Tonight, Adam Tanana has kindly offered to run a seminar on format strings. He will also be helping with Wargame 2 afterwards. You are all welcome to come if you need help with your wargames or want to help others with their format strings. It will be fun. There may be food.
Date: 29 August 2018
Time : 6:00pm to 8:00pm
Location : Ainsworth G01
Also, next week and the week after, Glenn McGuire will be running seminars on ROP and Heap so keep your schedule free for those too. It will be the same time a place (during our Wednesday seminar time slots).
Hey gize,
I finished marking.
If you have a problem with your mark, whether it be too high or too low and you don't know why, send an email to cs6447@cse.unsw.edu.au or come talk to me if you see me around.
You can view your mark by executing the following:
6447 classrun -collect midsem
Alternatively, you may use this page (which seems to be working now):
https://webcms3.cse.unsw.edu.au/COMP6447/18s2/resources/20454
Partial marks were awarded if you had no flag but you wrote something sensible.
KByeee
Hi everyone!
Hope you enjoyed the mid-semester exam. We'll be marking and releasing the results near foreseeable future (definitely before census date).
This is the first time we've run the exam with pre-released problems and in this format. Could you please take 3 minutes to fill in this survey so we can get some feedback on your thoughts on the questions and layout of the exam ( https://goo.gl/forms/EdOgY2I9C0eslnB32 ).
--sean
Hi guys,
The exam instructions will be released early so that you can come to the exam room prepared. They are available here:
https://midsem.6447.sec.edu.au/
The password to the binaries will be released at 6:10pm tomorrow on the above website and by your invigilator. You may download the encrypted tar ahead of the exam and bring it to the exam.
Please make sure you have gone through the practice exam to ensure you understand how to decrypt the binaries and also to understand the general format of the challenges. We will not give you extra time for you to do this in the exam.
Please remember to bring your student ID and know your seating allocation.
If you find any missing info or need clarification on any points, please post in the slack and @tek or @sy.
We've released a practice challenge in the same style as the mini-exam challenges. You can download the binary and access the challenge with the details listed below
challenge: practice.6447.sec.edu.au:4000 binary: https://cloudstor.aarnet.edu.au/plus/s/HhVHQHAdvV2...
The tar file containing the challenge has been encrypted, you can decrypt it with the gpg command. (You will be required to do this during the exam)
gpg practice.tar.gpg (the password is password)
Exploit the binary to retrieve the flag on the remote system.
--tjp
https://cgi.cse.unsw.edu.au/~cs6447/18s2/seating/midterm/allocations/seating.html
The above link will take you to a page with everybody's seating allocations. You will need to provide your zID and zPass to gain access to the page.
You will be seated in either Sitar, Oboe or Kora, which are all in J17 Ainsworth level 3.
If you are one of 3 students that require extra provisions, your exam will be held in the SecLab. I will also be contacting you guys a bit later in a separate email.
Please remember to bring your student card as we will be checking your ID against your allocated seat. If you happen to forget your student card, a government issued identification card may be used as a substitute.
If you do not require extra provisions, are enrolled in the course and do not have an seat allocation, please email cs6447@cse.unsw.edu.au ASAP.
If you are an unofficial student, please do not attend the exam.There is no space in the lab for you so please don't rock up and randomly sit in a seat. We may or may not release this exam at a later date.
Hey guys,
I have finished setting up give so you will be able submit your wargame writeups now. The give instructions have been updated in the wargame spec
Tek
Hey all!
I've added a link under course work of some old videos. Please note, these videos have not been fully reviewed and the editing may be incomplete but we thought they might come in handy. The slides used in the videos match those presented by Brendan in previous lectures and those he will be using tonight.
NB: I have also added more lecture slides to Week 4 which Brendan sent though over the weekend.
glhf
Nina
Hello all
What with the weekend coming up, and the first set of binary challenges released, I'd just like to remind everyone that
the wargames are due on the 20th, the date of the exam.
As a student who has taken this course in the past, binary exploitation is not something you can learn in 48 hours
under pressure.
I'd strongly advise trying to give yourself some time before your next tute to attempt the wargame challenges.
Binary exploitation is a difficult skill, with a lot of small challenges that you might not expect in advance,
and the amount of time each challenge will personally take you is hard to estimate.
Binary exploits = hardcore, Self directed learning is expected, but if you're still having issues
we're here to help (in the seceduau/#comp6447 slack channel), just make sure not to leave it until the last minute.
Thanks
--tjp
Hello friends!
Brendan has some homework for you this week:
You do not need to submit anything but please read and do the exercise.
glhf
Nina
Hey guys,
This is a notice to inform you that the wargames are released and that they count towards your final marks.
Tek
The slides for linux priv esc have been uploaded.
https://webcms3.cse.unsw.edu.au/COMP6447/18s2/resources/17380
.
There is no lecture recording for week 2.
The slides for how computers/memory works has been uploaded. There also is a recorded version from previous years uploaded linked. https://webcms3.cse.unsw.edu.au/COMP6447/18s2/resources/17379 . No other content will be released for week 1.
Slides for week 2 will be uploaded shortly. There is no lecture recording of week 2.
Hello!!!
Next week's lecture will be presented by Sagi Shahar who is a Senior Manager in Digital Assurance at Commbank in Perth. Sagi will be presenting on vulnerabilities and privilege escalation in Linux and Unix systems.
Sagi has designed a corresponding workshop which will be what the tutors take you through next week. Please ensure you have something that can run VMs such as VMware or VirtualBox on your machine. I will share the link via the lectures tab.
This lecture will not be recorded however we will be sharing the slide deck afterwards.
Happy hacking!
Nina
Hello Students,
Due to the nature of the content presented and discussed in the subject and the companies who presenters represent, most lectures will not be recorded or shared. In some cases, slides may not become available afterwards.
We will ensure you are fully informed about what is and isn't assessable content. We encourage you to discuss the subject with your peers and the course staff on the #comp6447 channel on the SECedu Slack channel (https://seceduau.slack.com/). If you do not have an account, you may register with your UNSW email. We will also open up some forums on WebCMS3 where people can share links to tools and resources.
This is a subject which heavily relies on self-directed learning and the student community. If you cannot attend lectures, we do not recommend taking this course.
Kind regards,
6447 course staff
Hello all!
I hope you all enjoyed your break and are all looking forward to the first lecture tonight! This week there will be no tutorials or seminars.
The email account for this course is cs6447@cse.unsw.edu.au and your course admin is Tek Huynh. Sean Yeoh will also be assisting in the running of this course. This email address reaches all of us so should you have any questions, just send us a message.
We will be in touch with more info soon!
Kind regards,
Nina