
Project topic suggestions

This page lists suggested topics for possible projects, ranging from simple to expert. If you have any suggested topics, submit an issue on the wiki's GitHub.

Offensive topics

  • Malware infection vectors
  • Evaluation of penetration tools
  • OSINT techniques
  • Exploit development
    • Ask Colin for a vulnerable program, or find your own!
    • Bypassing stack canaries, ASLR and CFG/CFI
  • IoT hacking
  • Social engineering/Spear phishing
  • Layer 2 or 3 attacks
  • Evaluation of an exploit, e.g. Dirtyc0w

Defensive topics

  • Configuration of Splunk, or something like it
  • Build, configure and evaluate GRSec or SELinux
  • Hardening guide for a particular OS
  • Something IDS related
  • Read the Blue Team Field Manual and do something from that

Privacy topics

  • Set up and configure Tor
  • Comparison of encrypted messengers
  • Evaluation of Protonmail and encrypted email clients
  • Setting up, using and deploying PGP

Other topics

  • Evaluate a network protocol
  • Set up and evaluate Pi-hole, or something like it
  • Evaluate a tool you use personally, e.g. Little Flocker or Little Snitch on Mac

OS Specific Research

macOS

  • Find and document Living off the Land Binaries (LOLBINS)
  • Evaluate post-exploitation frameworks (Apfell, macshell/macshellswift)
    • How would you prevent/detect them?
  • Write your own post-exploitation framework (do it in Swift for bonus points and future-proofing)
  • Offensive Swift: how can you use/abuse Swift to do bad stuff? (You can execute Swift in a REPL and use it as a scripting language)
  • Offensive JavaScript for Automation (JXA): what bad shit can you do with JXA, and how would you detect it?
  • Offensive AppleScript (osascript): what bad shit can you do, and how would you detect it?
  • Really investigate macOS hardening
  • Review Patrick Wardle's "The Mac Malware of 2019"
    • Extract common TTPs
      • How do they work?
      • How can we detect/prevent them?
  • [Forensics] Extend APOLLO by Sarah Edwards with more Mac features
  • Analyse installers (.pkg) and find vulns
  • Write a tool to automate macOS malware analysis
  • Write a malware analysis tool based on the Endpoint Security framework

iOS

  • How can you lock down iOS with MDM? (MicroMDM)
  • Can you better monitor iOS with MDM?
  • What logs can you get and how can you monitor these for exploitation?
  • [Forensics] Play with APOLLO by Sarah Edwards: evaluate it and see if you can extend it
  • Jailbreak an iPhone and play with Frida

These projects are perfect for your personal projects in 2nd and 3rd year, as well as for talks at the society. If you need help, ask!

other/topic-suggestions.txt · Last modified: 2020/02/10 18:07 by mikey