Compter Sciences and Engineering Association Sessions Unit

Head: Diaa Abdallah

Mission
The Sessions Unit will be responsible for creating multiple sessions and activities in Computer Security. The main goal of these sessions is to teach students how to know the impact of such a vulnerability and defend themselves. Through this unit the students would receive training that would build basic overview about the security industry, and what is happening in the underground.

Approach
The procedure to create a tutoring session on a topic will be as follows: Tutoring This approach will be commenced in summer and Fall this year. 1. The sessions are not independent on its own. Each session is based on the one before. 2. The sessions also will heavily invite guests working in the security field in order to teach the students about working in the security industry 3. After the trainer is found a schedule is set and attendees will need to register for the training session. 4. After each three sessions, an activity will be held; That's in order to give the student a chance to apply what he learnt during the previous lectures. Awards may be introduced for the winners in competitions. 5. After attending all the sessions, the student will be able to participate in external security camps

The Team
The team will have to practice the materials of the session and collaborate with each other. The team should also contact and search for trainers and professors to do the lectures and the sessions. The Members should also have the following skills: 1. Basic assembly language skills 2. Experience in debugging executables The team will be divided into groups. One group will be responsible for managing the Professor Lectures schedule. Students will be recruited via the portal mail.

Tentative Time Plan

1. (THROUGH THE C++ CODE ...)Where does the error begin ?? THE TRADITIONAL STACK OVERFLOW and exploitation of the vulnerability (Controlling EIP) 2. What does it mean by exploitation? // Exploitation mitigation techniques, What's next? (Windows XP SP2) DEP / non-executable STACK 3. Continued to exploitation mitigation: SAFESEH / SEHOP / ASLR (implementation of the new techniques ...) 4. Migration to the real world exploitation: Metasploit, exploitation development 5. A vague web security session: Overview of the basic attacks on websites ... 6. How the attacker thinks when attacking a website 7. Other types of attacks (Directory Traversal attack, RFI, SQL injection, XSS...) 8. heap and integer overflows, format string bugs, null dereferencing 9. kernel exploitation