Last May, the cybersecurity program at UT-Austin’s Strauss Center hosted a well-received 1.5 day technical bootcamp for law and policy professionals who are interested in cybersecurity but who seek greater fluency with related technical concepts. The idea was to provide a deep dive into a select set of relevant topics, assuming no prior technical knowledge on the part of any attendees (many attendees knew a great deal about the legal and policy aspects of this topic, but not the technical side).
Well, we were thrilled with how it went, and we are going to do it again in just a few weeks! As with the first iteration, version 1.1 will be led by Professor Matt (Pwn All the Things) Tait, the Strauss Center’s senior fellow for cybersecurity. All the details you need appear below (including how to apply). Please note that if you are interested, you must apply by Thursday this week!
What’s the agenda?
Day 1 (Tuesday October 23)
8:30-10:00 Session 1: Foundations and investigations
i. How it works
ii. Why it is difficult to eliminate
iii. Command-and-control servers/infrastructure
Case study: CitizenLab/Syria
Case study: False flags (Russia/Olympics/DRPK)
10:30-12:00 Session 2: Code, Data, and memory corruption attacks
a. How processors work, what is code, data, and how are they stored in system memory?
b. How is text stored in memory, and what is the “stack”?
c. Stack overflow attacks, and how they work
12:00-1:00 Lunch (on site)
1:00-2:30 Session 3: Hacking Websites (I)
a. How do websites work?
b. Which hacks matter most? Distinguishing code running on the server from code running in the browser
c. Upload vulnerabilities
d. Databases (Introduction)
ii. SQL and database languages
iii. Practice with a login request scenario
3:00-4:30 Session 4: Hacking Websites (II)
a. Databases (hacks and mitigations)
i. SQL injection
ii. Illustrative attacks
Gaining admin privileges
Copying the user database
Controlling the server
6:00-9:00 Dinner: Franklin Barbecue
Day 2 (Wednesday October 24)
8:00-8:30 Arrive at UT Law (Eidmann Jury Room). Coffee and breakfast tacos await
8:30-10:00 Session 5: Cryptography Foundations
a. Passwords and password-hashes
i. Plaintext, reuse and hash algorithms
ii. Password dumps, brute force attacks and slow hashes
b. Symmetric Cryptography
i. evolution and examples
ii. stream ciphers, pseudo-random numbers, and backdoor vulns
c. Asymmetric Cryptography
ii. trap-door functions and integer factorization
iv. limits of asymmetric cryptography
10:30-12:00 Session 6: Cryptography Applications
a. digital signatures
b. cryptographic envelopes
c. device encryption
d. tamper-proof ledgers
e. end-to-end encryption
Blockchain & bitcoin
Quantum cryptography breaking
Quantum key distribution
When does this take place?
The event runs all day on Tuesday, Oct. 23 and the first half of the day on Wednesday, Oct. 24.
Austin. All sessions will take place at the law school at the University of Texas.
How much will this cost?
Nothing. It’s on us, all of it. We’ve got you covered for hotel rooms for two nights (Monday the 21st before the event begins, and Tuesday the 22nd), and we will cover all the meals. And we will reimburse you for reasonable air travel expenses, too.
Hmmm … and what might those meals entail?
Barbecue, for one thing. And not just any barbecue. For the Tuesday night dinner, we’ve rented out the legendary Franklin Barbecue (normally you have to get in line at 9 in the morning if you hope to kick the tires at Franklin). We’ll also provide lunch during the Tuesday session, and naturally will have breakfast tacos to start each day.
How do I claim a spot?
We are going to select up to 15 participants, based on who throws their hat the ring this week. Here is the link to request to participate.
Deadline to apply?
Thursday, Oct. 4, 2018, by the end of the day.
When will I learn if I’ve been selected?
We will announce selections by mid-day this Friday, and will be in touch immediately to begin arranging your travel.
What if I have questions?
Email Bobby Chesney, the director of the Strauss Center, at [email protected].